advertisement
▼
Scroll to page 2
of 546
EPICenter™ Software Installation and User Guide Version 4.1 Extreme Networks, Inc. 3585 Monroe Street Santa Clara, California 95051 (888) 257-3000 http://www.extremenetworks.com Published: June, 2003 Part number: 100143-00 Rev. 01 ©2003 Extreme Networks, Inc. All rights reserved. Extreme Networks and BlackDiamond are registered trademarks of Extreme Networks, Inc. in the United States and certain other jurisdictions. EPICenter, ExtremeWare, ExtremeWare Vista, ExtremeWorks, ExtremeAssist, ExtremeAssist1, ExtremeAssist2, PartnerAssist, Extreme Standby Router Protocol, ESRP, SmartTraps, Alpine, Summit, Summit1, Summit4, Summit4/FX, Summit7i, Summit24, Summit48, Summit Virtual Chassis, SummitLink, SummitGbX, SummitRPS and the Extreme Networks logo are trademarks of Extreme Networks, Inc., which may be registered or pending registration in certain jurisdictions. The Extreme Turbodrive logo is a service mark of Extreme Networks, which may be registered or pending registration in certain jurisdictions. Specifications are subject to change without notice. Solaris is a trademark of Sun Microsystems, Inc. This product includes software developed by the Apache Software Foundation (http://www.apache.org). This product contains copyright material licensed from AdventNet, Inc. (http://www.adventnet.com). All rights to such copyright material rest with AdventNet. All other registered trademarks, trademarks and service marks are property of their respective owners. 2 Contents Preface Chapter 1 Introduction Terminology 17 17 Conventions 18 Related Publications 19 EPICenter and Policy Manager Overview Introduction 21 Summary of Features Simple Inventory Management The Alarm System The Configuration Manager The Grouping Manager The IP/MAC Address Finder Interactive Telnet Applet ExtremeView Configuration and Status Monitoring Real-Time Statistics Topology Views Enterprise-wide VLAN Management The ESRP Manager The STP Monitor Dynamic Reports Distributed Server Mode Security Management EPICenter Stand-alone Utilities 22 23 23 23 23 24 24 24 24 25 25 25 26 26 26 26 27 EPICenter Components Extreme Networks Switch Management 27 28 Extreme Networks Device Support 29 Third-Party Device Support 29 Overview of the Policy Manager 29 EPICenter Software Installation and User Guide 3 Contents Chapter 2 Basic EPICenter Policy Definition 30 Policy Types Access-based Security Policies IP-Based Policies (Access List Policies) Source Port Policies VLAN Policies 31 31 33 36 37 Policy Named Components 38 Policy Access Domain and Scope 41 Using Groups in Policy Definitions Precedence Relationships within the Policy Manager 42 43 Policy Configuration 43 Cisco Device Support Cisco Port Mappings Limitations on Cisco Device Support 44 44 44 EPICenter Policy Limitations 45 Installing the EPICenter Software Installation Overview 47 Server Requirements Windows 2000 or Windows XP Solaris 48 48 48 Client Requirements 49 Browser Requirements for Reports 49 EPICenter Software Licensing Obtaining an Evaluation License Obtaining a Permanent License Upgrading an Evaluation License Adding a License for an Optional Product 50 50 50 50 51 Upgrading from a Previous Release 51 Installing on a Windows 2000 or Windows XP System Adding or Updating the License Key 52 55 Installing on a Solaris System Required Patches Local Name Resolution Installing the EPICenter Server Adding or Updating a License Key Setting Up SNMP Version 3 for Solaris and Windows 56 56 56 56 61 62 Installing the EPICenter Client 62 Installing the Stand-Alone Client Application on Windows 2000 or Windows XP 63 Installing the Stand-Alone Client Application in the Solaris Operating Environment 64 4 EPICenter Software Installation and User Guide Contents Uninstalling the EPICenter Software Uninstalling the EPICenter Server on Windows 2000 or Windows XP Uninstalling the EPICenter Stand-Alone Client Application on Windows 2000 or Windows XP Uninstalling the EPICenter Server in Solaris Uninstalling the EPICenter Stand-Alone Client Application in Solaris Chapter 3 Chapter 4 66 66 67 67 68 Starting EPICenter Running the EPICenter Server Software under Windows Starting the EPICenter Server Shutting Down the EPICenter Server Components Restarting the EPICenter Server Components as Services 69 69 70 71 Running the EPICenter Server Software under Solaris Starting or Restarting the EPICenter Server Shutting Down the EPICenter Server Components 71 71 71 The EPICenter Client 72 Running the EPICenter Stand-alone Client Viewing Reports from the Stand-Alone Client 72 74 Running the EPICenter Client in a Browser 74 The Network Status Summary Report Page The Distributed Server Summary The “About EPICenter” Page 77 78 79 Navigating the EPICenter Applications The Navigation Toolbar Main Applet Frame The Component Tree The Status/Detail Information Panel Moving the Component Tree Boundary Resizing Columns Sorting Columns Applet Function Buttons Printing from EPICenter 80 80 82 82 83 84 84 85 85 86 Using the Inventory Manager Overview of the EPICenter Device Inventory Gathering Device Status Information 87 88 Displaying the Network Device Inventory 89 Viewing Device Status Information Viewing Device Information from Pop-up Menus 90 92 Discovering Network Devices 95 EPICenter Software Installation and User Guide 5 Contents Chapter 5 6 Adding Devices and Device Groups Adding a Device Creating a Device Group 100 100 102 Modifying Devices and Device Groups Modifying a Device Modifying a Device Group 104 104 107 Deleting Devices and Device Groups from the Database Deleting a Device Deleting a Device Group 109 109 110 Updating Device Information 111 Configuring Default Access Parameters 112 Finding Devices 114 Displaying Properties All Device Group Properties Device Properties 115 115 117 The EPICenter Alarm System Overview of the EPICenter Alarm System 121 The Alarm Log Browser Acknowledging an Alarm Deleting Alarm Log Entries Deleting Groups of Log Entries Viewing Alarm Details Filtering the Alarm Display Deleting Alarm Log Filters Pausing All Alarms 122 124 124 124 126 126 128 129 Defining Alarms Creating a New Alarm Definition Modifying Alarm Definitions Deleting Alarm Definitions 129 130 138 138 Alarm Categories Creating a New Alarm Category Modifying an Alarm Category Deleting an Alarm Category 138 138 139 139 Threshold Configuration Creating an Event Rule Modifying a Rule Deleting a Rule Resynchronizing the RMON Rules Configuring Other SNMP Trap Events 139 142 150 151 151 152 Configuring EPICenter as a Syslog Receiver 153 EPICenter Software Installation and User Guide Contents Chapter 6 Chapter 7 Setting EPICenter as a Trap Receiver 153 Log Archive 154 Writing Tcl Scripts for Alarm Actions The Tcl Scripting Environment 155 155 Configuration Manager Overview of the Configuration Manager Viewing Device Information from Pop-up Menus 157 159 Uploading Configurations from Devices 163 Archiving Configuration Settings Device Schedules Global Schedules 165 165 167 Downloading Configuration Information to a Device 168 Downloading an Incremental Configuration to Devices Creating an Incremental Configuration File 169 170 Upgrading Software Images Performing a Multi-Step Upgrade Upgrading Images on Devices Upgrading BootROM on Devices Upgrading Slot Images on Modular Devices 170 171 173 177 178 Selecting Software Images 181 Specifying the Current Software Versions 182 Performing a Live Software Update Obtaining New Software Images 183 184 Configuring the TFTP Server 186 Finding Devices 187 Displaying Properties Device Group Properties Device Properties 187 188 188 Using the Interactive Telnet Application Overview of the Interactive Telnet Applet 191 Using Telnet with Extreme Switches Running ExtremeWare Command Macros Running a Telnet Session on an Individual Switch 191 192 196 Using Interactive Telnet with Third-Party Devices 199 EPICenter Software Installation and User Guide 7 Contents Chapter 8 Chapter 9 8 Viewing Device Information from Pop-up Menus Properties Alarms Browse EView Statistics Sync VLANs 199 199 200 200 200 200 201 201 Finding Devices 201 Displaying Properties Device Group Properties Device Properties 202 202 202 The Grouping Manager Overview of the Grouping Manager 205 Displaying EPICenter Groups and Resources Resource Details Grouping Manager Functions 207 209 210 Creating a New Resource 211 Deleting Resources 213 Adding a Resource as a Child of a Group 213 Removing A Child Resource from a Group 216 Adding Relationships to a Resource Removing Relationships from a Resource 216 218 Adding and Removing Attributes 219 Searching for a Resource Setting up a Resource Search Searching from the Main Toolbar Searching from the Add Resources or Add Relationship Window 221 222 224 225 Importing Resources Importing from an LDAP Directory Importing from a File Importing from an NT Domain Controller or NIS Server 225 227 228 232 Using the IP/MAC Address Finder Overview of the IP/MAC Finder Applet ExtremeWare Software Requirements 233 234 Tasks List Summary Window 234 Creating a Search Task 236 EPICenter Software Installation and User Guide Contents Detailed Task View Exporting Task Results to a Text File Chapter 10 Chapter 11 238 240 Using ExtremeView Overview of the ExtremeView Application 243 Viewing Device Status Information 244 Viewing Switch Configuration Information 248 Viewing Switch Statistics 253 Finding Devices 255 Viewing Device Information from Pop-up Menus Properties Alarms Browse Statistics Sync Telnet VLANs 256 256 257 257 258 258 258 258 Displaying Properties Device Group Properties Device Properties Slot Properties Port Properties 259 259 259 260 263 Real-Time Statistics Overview of Real-Time Statistics 267 Displaying Multi-port Statistics 269 Displaying Statistics For a Single Port 271 Changing the Display Mode 273 Setting Graph Preferences 274 Taking Graph Snapshots 277 Viewing Device Information from Pop-up Menus Properties Alarms Browse EView Sync Telnet VLANs 279 279 279 280 280 280 280 281 EPICenter Software Installation and User Guide 9 Contents Displaying Properties Device Group Properties Device Properties Slot Properties Port Properties Chapter 12 Chapter 13 10 281 281 281 282 283 Network Topology Views Overview of EPICenter Topology Views 285 Displaying a Network Topology View Map Elements Map Element Description Panel 286 287 291 Manipulating Topology Views and Maps Creating a New View or a New Map Node Placement Criteria in an Auto Populate View Adding Elements to the Map Editing the Map Setting View Properties Map Viewing Functions 292 293 294 297 301 304 305 Displaying VLAN Information 313 Using the Tools Menu Mark Links Mode Adding Links to a VLAN Connecting an Edge Port to a VLAN Device Alarms Device Browse Device Statistics Device Telnet Device View Device VLANs Device Properties 315 315 315 317 318 319 319 319 319 320 320 Using the VLAN Manager Overview of Virtual LANs 321 Displaying a VLAN Viewing VLANs on a Switch Viewing Switches in a VLAN Viewing VLAN Member Ports Viewing Device Information from Pop-up Menus 322 324 325 326 328 Adding a VLAN 330 Deleting a VLAN 333 EPICenter Software Installation and User Guide Contents Chapter 14 Chapter 15 Chapter 16 Modifying a VLAN Modifying a VLAN from the Toolbar Modifying a VLAN from the Component Tree Menu 334 335 337 Adding and Deleting Protocol Filters 338 The Spanning Tree Monitor Overview of the Spanning Tree Monitor 341 Displaying STP Domain Information Displaying STP VLAN Configurations Displaying STP Device Configurations Displaying STP Port Information 342 344 344 346 Viewing STP Domain Properties from Pop-Up Menus STP Properties VLAN Properties The Device Pop-Up Menu 347 347 348 348 The ESRP Manager Overview of the ESRP Manager 351 Viewing ESRP Detail Information 353 Administering EPICenter Overview of User Administration Controlling EPICenter Access The EPICenter RADIUS Server Setting EPICenter Server Properties 355 355 356 356 Starting the EPICenter Client for the First Time Changing the Admin Password 357 358 Adding or Modifying User Accounts 358 Deleting Users 360 Changing Your Own User Password 360 RADIUS Administration RADIUS Server Configuration RADIUS Client Configuration Disabling RADIUS for EPICenter 361 362 363 363 Server Properties Administration Devices Properties Scalability Properties SNMP Properties Topology Properties External Connection Properties Other Properties 363 365 366 367 368 369 369 EPICenter Software Installation and User Guide 11 Contents Distributed Server Administration Configuring a Server Group Member Configuring a Server Group Manager Chapter 17 Chapter 18 12 370 371 372 Dynamic Reports Overview of EPICenter Reports 373 Network Status Summary Report 374 Dynamic Reports 375 Viewing Predefined EPICenter Reports Report Filtering Server State Summary Report Device Inventory Report Slot Inventory Report Device Status Report VLAN Summary Report Voice VLAN Summary Report Interface Report Resource to Attribute Mapping Report Unused Ports Report User to Host Mapping Report Network Login Report Alarm Log Report Event Log Report System Log Report Configuration Management Log Report 376 376 378 379 381 382 382 383 383 384 385 385 386 386 387 387 388 Printing EPICenter Reports 389 Exporting Reports 389 Creating New Reports Creating or Modifying a Report Adding a User-Defined Report to the Reports Menu Debugging 389 391 392 392 Voice over IP Manager Overview of Voice Over IP Management 395 Viewing VoIP VLAN Settings 395 Selecting VLANs for VoIP 397 QoS Settings for a VoIP VLAN Default Configuration Attributes Minimum Bandwidth Calculations 400 401 402 Configuring QoS Settings 404 EPICenter Software Installation and User Guide Contents Chapter 19 Chapter 20 VoIP Reports Voice VLAN Summary Report 407 407 Known Behaviors and Problems 407 Using the Policy Manager Using the Policy Manager 409 Policies View Policy Definition Page Policy Traffic Page 411 412 414 Creating a New Policy 416 Edit Policy Endpoints Window 423 Edit Policy Access Domain/Policy Scope Window 425 Modifying Policies 427 Deleting a Policy 429 Resetting a Policy 429 Configuring Policy Precedence 430 Viewing and Modifying QoS Profiles 431 Configuring QoS Policies Auto Configuration Directed Configuration 433 433 434 The ACL Viewer ACL Viewer Summary Displays 438 Access List Display Policy Rule Comparison View Policy Rules View Configured Rules 439 441 442 442 VLAN QoS Display Policy Rule Comparison View Policy Rules 443 444 445 Source Port QoS Display Policy Rule Comparison View Policy Rules View Configured Rules 445 447 448 448 QoS Profile Display 449 Network Login/802.1x Display 450 Cisco Device Policy Setup 451 EPICenter Software Installation and User Guide 13 Contents Appendix A Appendix B 14 Troubleshooting Troubleshooting Aids Using the Stand-alone Client Application Using the Browser-based Client (Windows Only) 455 455 456 EPICenter Client 457 EPICenter Database 458 EPICenter Server Issues 459 VLAN Manager 461 Alarm System 462 ESRP Manager 464 Inventory Manager 464 ExtremeView 465 Grouping Manager 466 Printing 466 Topology 466 STP Monitor 467 Reports 467 EPICenter Utilities The DevCLI Utility Using the DevCLI Commands DevCLI Examples 469 470 472 Inventory Export Scripts Using the Inventory Export Scripts Inventory Export Examples 473 473 475 The SNMPCLI Utility Using the SNMPCLI Utility SNMPCLI Examples 476 476 477 Port Configuration Utility 477 The AlarmMgr Utility Using the AlarmMgr Command AlarmMgr Output AlarmMgr Examples 479 479 481 481 The FindAddr Utility Using the FindAddr Command FindAddr Output FindAddr Examples 481 482 483 484 EPICenter Software Installation and User Guide Contents Appendix C Appendix D Appendix E Appendix F The TransferMgr Utility Using the TransferMgr Command TransferMgr Examples 484 484 486 The VlanMgr Utility Using the VlanMgr Command VlanMgr Output VlanMgr Examples 487 487 489 489 The ImportResources Utility Using the ImportResources Command ImportResources Examples 490 490 492 EPICenter External Access Protocol External Access Protocol Overview 493 External Access Protocol Structure EPICenter Server Commands 493 496 Tcl Client API Installing and Using the Tcl Client API Tcl Exported Functions 498 499 499 EPICenter Database Views Device Report View 505 Interface Report View 507 Database Event Log View 508 Database Alarm Log View 509 Event Types for Alarms SNMP Trap Events 511 RMON Rising Trap Events 515 RMON Falling Trap Events 515 EPICenter Events 516 EPICenter Backup EPICenter Log Backups 517 Database Utilities 518 The Validation Utility Using the DBVALID Command-line Utility Database Connection Parameters 518 518 519 EPICenter Software Installation and User Guide 15 Contents The Backup Utility The DBBACKUP Command-line Utility Database Connection Parameters Installing a Backup Database Appendix G Appendix H 16 519 519 520 520 Dynamic Link Context System (DLCS) Overview of DLCS 523 Using DLCS with the Policy Manager 523 DLCS Properties 524 Enabling DLCS on an Extreme Switch 524 DLCS Limitations ISQ Improvements 524 525 EPICenter Policy System Feature Comparison ExtremeWare 6.2 Features Supported 527 ExtremeWare 6.0.x and 6.1.x Features Supported 528 ExtremeWare 5.x Features 529 ExtremeWare 4.x Features 530 Cisco Internetworking Operating System (IOS) 11.2 Features 531 EPICenter Policy Issues and Limitations 531 EPICenter Software Installation and User Guide Preface This preface provides an overview of this guide, describes guide conventions, and lists other useful publications. Introduction This guide provides the required information to use the EPICenter software. It is intended for use by network managers who are responsible for monitoring and managing Local Area Networks, and assumes a basic working knowledge of: • Local Area Networks (LANs) • Ethernet concepts • Ethernet switching and bridging concepts • Routing concepts • The Simple Network Management Protocol (SNMP) NOTE If the information in the EPICenter Release Note and Quick Start Guide shipped with your software differs from the information in this guide, follow the Release Note. Terminology When features, functionality, or operation is specific to the Summit, Alpine, or BlackDiamond switch family, the family name is used. Explanations about features and operations that are the same across all Extreme switch product families simply refer to the product as the “Extreme device” or “Extreme switch.” Explanations about features that are the same for all devices managed by EPICenter (both Extreme devices and others) are simply refer to “devices.” EPICenter Software Installation and User Guide 17 Preface Conventions Table 1 and Table 2 list conventions that are used throughout this guide. Table 1: Notice Icons Icon Notice Type Alerts you to... Note Important features or instructions. Caution Risk of unintended consequences or recoverable loss of data. Warning Risk of permanent loss of data. . Table 2: Text Conventions Convention Description Screen displays This typeface represents information as it appears on the screen. Screen displays bold This typeface indicates how you would type a particular command. The words “enter” and “type” When you see the word “enter” in this guide, you must type something, and then press the Return or Enter key. Do not press the Return or Enter key when an instruction simply says “type.” [Key] names Key names appear in text in one of two ways. They may be • referred to by their labels, such as “the Return key” or “the Escape key.” • written with brackets, such as [Return] or [Esc]. If you must press two or more keys simultaneously, the key names are linked with a plus sign (+). For example: Press [Ctrl]+[Alt]+[Del]. Words in bold type Bold text indicates a button or field name. Words in italicized type Italics emphasize a point or denote new terms at the place where they are defined in the text. 18 EPICenter Software Installation and User Guide Related Publications Related Publications The EPICenter documentation set includes the following: • The EPICenter Software Installation and User Guide (the manual you are reading) • EPICenter SE Release Note and Quick Start Guide • EPICenter License Agreement The EPICenter Software Installation and User Guide can be found online in Adobe Acrobat PDF format, in the docs subdirectory of the EPICenter installation directory. You must have Adobe Acrobat Reader version 3.0 or later (available from http://www.adobe.com free of charge). Other manuals that you will find useful are: • ExtremeWare Software User Guide • ExtremeWare Quick Reference Guide For documentation on Extreme Networks products, and for general information about Extreme Networks, see the Extreme Networks home page: • http://www.extremenetworks.com Customers with a support contract can access the Technical Support pages at: • http://www.extremenetworks.com/support/database.htm The technical support pages provide the latest information on Extreme Networks software products, including the latest Release Note, information on known problems, downloadable updates or patches as appropriate, and other useful information and resources. Customers without contracts can access manuals and patches at: • http://www.extremenetworks.com/support/documentation.asp EPICenter Software Installation and User Guide 19 Preface 20 EPICenter Software Installation and User Guide 1 EPICenter and Policy Manager Overview This chapter describes: • The features of the EPICenter™ software • The EPICenter software components • An overview of the Policy Manager features • An introduction to the concepts that are fundamental to creating policies using the EPICenter Policy Manager • A brief comparison of the features available through the EPICenter Policy Manager with the features available through the ExtremeWare Command Line Interface (CLI) Introduction Today's corporate networks commonly encompass hundreds or thousands of systems, including individual end user systems, servers, network devices such as printers, and internetworking systems. Extreme Networks™ recognizes that network managers have different needs, and delivers a suite of ExtremeWare™ management tools to meet those needs. EPICenter is a powerful yet easy-to-use application suite that facilitates the management of a network of Summit™, BlackDiamond™, and Alpine™ switches, as well as selected third-party switches. EPICenter makes it easier to perform configuration and status monitoring, create virtual LANs (VLANs), and implement policy-based networking in enterprise LANs with Extreme Networks switches. EPICenter offers a comprehensive set of network management tools that are easy to use from a client workstation running EPICenter client software, or from a workstation configured with a web browser and the Java plug-in. EPICenter leverages the three-tier client/server architecture framework represented by Java applets, and can be accessed using Microsoft Internet Explorer or with Sun’s Java Plug-in. The EPICenter application and database support two of the most popular operating environments in the marketplace, Microsoft Windows 2000/XP and Sun Microsystems Solaris. Integration with HP OpenView and other third-party network management software products provides additional flexibility. EPICenter Software Installation and User Guide 21 EPICenter and Policy Manager Overview Summary of Features In large corporate networks, network managers need to manage systems “end to end.” The EPICenter software is a powerful, flexible and easy-to-use application for centralizing the management of a network of Extreme switches and selected third-party devices, regardless of the network size. The EPICenter software provides the vital SNMP, HTML, and CLI-based tools you need for network-wide management of Extreme Networks Summit, Black Diamond, and Alpine switches. • Network Control. The EPICenter software provides configuration and monitoring of Extreme Networks' switches and selected third-party devices anywhere on the network simultaneously. • Intelligent Management. Extreme SmartTraps™ (patent pending) automatically gather switch configuration changes and forward them to the EPICenter server, thereby minimizing network management traffic. EPICenter separates its “heartbeat” polling, used to asses a device’s connectivity, from its less frequent and more data-intensive status polling. • Hierarchical Displays. Most information, including that found in EPICenter topology maps, VLAN management, configuration management, and real-time statistics, is dynamically presented in an easy-to-navigate hierarchical tree. • Multi-platform capability. The EPICenter server supports Sun SPARC/Solaris and Intel, Windows 2000, and Windows XP. Client applications on either of these platforms can connect to servers on either platform. • Support for multiple users with security. Users must log in to the application, and can be granted different levels of access to the application features. • Web-based or installed clients. The EPICenter software gives you a choice of installing client software, or connecting to the EPICenter server through a web-browser-based client, available on Windows client machines. • Manage large numbers of devices. The EPICenter server can manage up to 2000 devices with a single installation of the EPICenter software. For even larger networks you can split the management task among several EPICenter servers in a distributed server mode that lets you monitor the status of those servers from a single client. Extreme Networks switches and many other MIB-2 compatible devices can be monitored and controlled from a central interface, without exiting EPICenter to run a separate program or telnet session. Features such as SmartTraps and the EPICenter alarm system further maximize network monitoring capability while maintaining network usage efficiency. You can organize your network resources into non-exclusive groups (including groups made up of selected ports from multiple switches) that you can manage as a single entity. Device groupings can be based on a variety of factors. For example, physical location, logical grouping, devices that support SSH2, and so on. Using device groups, you can search for individual IP addresses and identify their connections into the network. You can monitor the status of your network devices either visually, through the ExtremeView applet, or by setting alarms that will notify you about conditions or events on your network devices. You can get a high-level overview of the status of your network devices displayed as a hierarchical topology map. These features and more are described in more detail in the following sections, and in the remaining chapters of this manual. 22 EPICenter Software Installation and User Guide Summary of Features Simple Inventory Management EPICenter’s Inventory Manager applet keeps a database of all the devices managed by the EPICenter software. Any EPICenter user can view status information about the switches currently known to the EPICenter database. The EPICenter Inventory Management applet provides an automatic discovery function. Users with the appropriate access can use this feature to discover Extreme and other MIB-2 devices by specific IP address or within a range of IP addresses. Network devices can also be added to the EPICenter database manually, using the Inventory Manager Add function. Once a network device is known to the EPICenter database, you can assign it to a specific device group, and configure it using the VLAN Manager, the Configuration Manager, or the ExtremeView tool. EPICenter also provides a command-line utility that lets you create device groups and import large numbers of devices into the inventory database through scripts, to streamline the process of adding and organizing devices for management purposes. The Alarm System The EPICenter Alarm System provides fault detection and alarm handling for the network devices monitored by the EPICenter software. This includes Extreme devices and some third-party devices—those that the EPICenter software can include in its Inventory database. The Alarm System also lets you define your own alarms that will report errors under conditions you specify, such as repeated occurrences or exceeding threshold values. You can specify the actions that should be taken when an alarm occurs, and you can enable and disable individual alarms. Fault detection is based on SNMP traps, RMON traps, Syslog messages, and some limited polling. The Alarm System supports SNMP MIB-2 and the Extreme Networks private MIB. You can also configure alarms based on certain event thresholds, or on the content of Syslog messages. When an alarm occurs you can specify actions such as sending e-mail, forwarding a trap, running a program, running a script, or sounding an audible alert. The Configuration Manager The EPICenter Configuration Manager applet provides a mechanism and a graphical interface for uploading and downloading configuration files to and from managed devices. It can also download ExtremeWare software images and BootROM images to Extreme Networks devices, or to Extreme modules that include software. The Configuration Manager provides a framework for storing the configuration files, to allow tracking of multiple versions. Configuration file uploads can be performed on demand, or can be scheduled to occur at regular times—once a day, once a week, or at whatever interval is appropriate. The Grouping Manager One of the powerful features of the EPICenter software is its ability to take actions on multiple devices or resources with a single user action. The Grouping Manager facilitates this by letting you organize various resources into hierarchical groups, which can then be referenced in other applets. You can then take actions on a group, rather than having to specify the individual devices or ports that you want to affect. EPICenter Software Installation and User Guide 23 EPICenter and Policy Manager Overview You can also create or import named resources such as users and workstations, which can be mapped through the Grouping Manager to IP addresses and ports. This capability is especially important in relationship to the optional Policy Manager applet, which takes advantage of these types of resources to simplify the creation of QoS and Access List policies. The IP/MAC Address Finder The IP/MAC Address Finder applet lets you search for specific network addresses (MAC or IP addresses) and identify the Extreme Networks switch and port on which the address resides. You can also use the IP/MAC Finder applet to find all addresses on a specific port or set of ports. You can export the results of your search to a file, either on the server or on your local (client) system. Interactive Telnet Applet The ExtremeView Telnet feature includes a macro capability that lets you create and execute scripts of CLI commands repeatedly on multiple devices in one operation. You can save your macros for reuse at other times. Results of the most recent macro run on each device are saved into log files, and can be viewed from within the Telnet applet. You can also use the interactive Telnet capability to view and modify configuration information for some Cisco and 3COM devices as well as for Extreme Networks devices. ExtremeView Configuration and Status Monitoring With the ExtremeView applet, any Extreme Networks switch can be monitored through a front panel image that provides a visual device representation, and can be configured without leaving the EPICenter client to invoke another program or Telnet session. The ExtremeView applet displays detailed information about the status of Extreme switches in a number of categories. Any EPICenter user can view status information about the network devices known to the EPICenter database. Users with the appropriate access permissions can also view and modify configuration information for those switches through the ExtremeWare Vista graphical user interface, accessed through the ExtremeView applet. Real-Time Statistics The Real-Time Statistics feature of the EPICenter software provides a graphical presentation of utilization and error statistics for Extreme switches in real time. The data is taken from Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. You can choose from a variety of styles of charts and graphs as well as a tabular display. You can view data for multiple ports on a device, device slot, or within a port group, optionally limiting the display to the “top N” ports (where N is a number you can configure). You can also view historical statistics for an individual port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, and can show utilization history, total errors history, or a breakdown of individual errors. In addition, the Real-Time Statistics applet lets you “snapshot” a graph or table as a separate browser page. You can then save, print, or e-mail the page. 24 EPICenter Software Installation and User Guide Summary of Features Topology Views The EPICenter software’s Topology applet allows you to view your network (EPICenter-managed devices and the links between Extreme Networks devices) as a set of maps. These maps can be organized as a tree of submaps that allow you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want. The Topology applet can automatically add device nodes to your map as devices are added to EPICenter software’s device inventory. The EPICenter software automatically detects and adds links that exist between Extreme Networks devices, and organizes the device nodes into submaps as appropriate. The links between devices provide information about the configuration and status of the links. You can customize the resulting maps by creating submaps, moving map elements within or between submaps, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and customizing the look and labeling of the discovered nodes themselves. In addition, options are available to organize and optimize the map layout to display very large numbers of devices with the minimum of device and link overlap. The Topology applet also provides information about the VLANs configured on devices in a topology view. Using the Display VLANs feature, you can visually see which links and devices are configured for a selected VLAN, or select a specific device or link to see what VLANs are configured on that device. You can also configure a VLAN in a topology by adding ports or trunk links. Finally, from a managed device node on the map, you can invoke other EPICenter functions such as the alarm browser, telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare Vista for the selected device. Enterprise-wide VLAN Management A virtual LAN (VLAN) is a group of location- and topology-independent devices that communicate as if they were on the same physical local area network (LAN). The EPICenter VLAN Manager is an enterprise-wide application that manages many aspects of VLANs on Extreme Network’s Summit, BlackDiamond, and Alpine switches. Any EPICenter user can view status information about the VLANs known to EPICenter across the network. Users with the appropriate access can create and delete VLANs, add and remove ports from existing VLANs, and create and modify the protocol filters used to filter VLAN traffic. When creating or modifying a VLAN, you can get EPICenter to determine whether there is connectivity between the devices you have included in the VLAN, and if not, it can recommend what ports and devices you should add to achieve connectivity. The ESRP Manager The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs. You can view a summary status for all the ESRP-enabled VLANs being monitored by the EPICenter software. You can also view detailed information for an individual ESRP-enabled VLAN and the switches in those VLANs. EPICenter Software Installation and User Guide 25 EPICenter and Policy Manager Overview The STP Monitor The EPICenter Spanning Tree Protocol (STP) Monitor module displays information about STP domains network-wide at the domain, VLAN, device, and port levels. The STP Monitor can monitor STP domains configured on devices running ExtremeWare 6.2.2 or later. Earlier versions of ExtremeWare supported the Spanning Tree protocol. STP information via SNMP is available starting with ExtremeWare version 6.2.2. Dynamic Reports EPICenter Reports are HTML pages that can be accessed separately from the main EPICenter user interface, without logging in to the Java user interface. The Reports module can also be accessed from the EPICenter Navigation toolbar. A Summary Report is also displayed on the main EPICenter “home” page that provides basic information on the status of EPICenter devices and alarms. From this report you can access other more detailed reports. The EPICenter reports are HTML pages that do not require Java capability, and thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface. This means reports can be loaded quickly, even over a dial-up connection, and it also provides the ability to print the reports. The Reports capability provides a number of predefined HTML reports that present information from the EPICenter database. You can also create your own reports by writing Tcl scripts. Distributed Server Mode To manage very large numbers of network devices, or devices that are geographically distributed, the management task can be divided up between multiple EPICenter servers. Each server in the server group is updated at regular intervals with network summary and status information from the other servers in the group. From the EPICenter home page, a client attached to any one of the servers in the server group can view summary status information from the other servers in the group in addition to the standard Network Summary report. The EPICenter client also lets the user easily navigate between the different servers in the group to see detailed management information about the devices managed by those servers. Security Management In order to access EPICenter features, a user must log in with a user name and a password. EPICenter provides three access levels: • Monitor—users who can view status information only. • Manager—users who can modify device parameters as well as view status information. • Administrator—users who can create, modify and delete EPICenter user accounts as well as perform all the functions of a user with Manager access. The EPICenter Admin applet enables configuration of EPICenter as a Remote Authentication Dial In User Service (RADIUS) server. As an alternative, it can be configured as a RADIUS client, or RADIUS authentication functionality can be disabled. When EPICenter acts as a RADIUS server, it can be contacted by RADIUS clients (such as Extreme Networks switches) to configure access permissions for Extreme switches, and to authenticate user names and passwords. The use of the RADIUS server avoids the need to maintain user names, 26 EPICenter Software Installation and User Guide EPICenter Components passwords, and access permissions in each switch, and instead centralizes the configuration in one location in EPICenter. EPICenter Stand-alone Utilities The EPICenter software provides several stand-alone utilities or scripts that streamline the process of getting information into and out of the EPICenter database, or facilitate certain device troubleshooting functions. These are the following: • The DevCLI utility lets you add devices to and remove devices from the EPICenter inventory database via command, and supports batch additions and deletions specified via a file. • A set of Inventory Export scripts that enable you to export information from the EPICenter database about the devices that are being managed. The information is provided in a format suitable for import into other applications, such as a spreadsheet. • The SNMPCLI utility provides SNMP Get, GetNext, and SNMP walk features that may be needed to obtain device MIB information for troubleshooting. • A set of utilities that provide a command line interface to several EPICenter software functions. These include the AlarmMgr utility, FindAddr utility, TransferMgr utility, and VlanMgr utility. These utilities enable you to perform certain EPICenter functions from the command line (or through a script) rather than through the EPICenter graphical user interface. Results from the Alarm Manager utility and the Find Address utility can be output to a file. EPICenter Components The EPICenter software is made up of three major functional components: • The EPICenter Server, which is based on the Tomcat Java server. The server is responsible for downloading applets, running servlets, managing security, and communicating with the database. • A Relational Database Management System (RDBMS), Sybase Adaptive Server Anywhere, which is used as both a persistent data store and a data cache. • EPICenter client applications. This can be an installed client application that runs on a Windows 2000/XP or Solaris system. For Windows systems only, the client can also be a set of Java applets downloaded from the server to the client on demand into a Java-enabled browser running the Java plug-in ( Java 1.3.1_03 ). EPICenter Software Installation and User Guide 27 EPICenter and Policy Manager Overview Figure 1 illustrates the architecture of the EPICenter software. Figure 1: EPICenter software architecture Windows client system Windows or Solaris client system Browser with Java plug-in Installed client EPICenter applets Browser EPICenter applets HTML reports TCP sockets Server system EPICenter server Application objects Relational database SNMP Extreme device Telnet Extreme device Third-party device XM_021 Extreme Networks Switch Management The EPICenter software uses SNMP to monitor and manage the devices in the network. To avoid the overhead of frequent device polling, the EPICenter software also uses a mechanism called SmartTraps to identify changes in Extreme Networks device configuration. When an Extreme Networks switch is added to the EPICenter database, the EPICenter software creates a set of SmartTraps rules that define what events (status and configuration changes) the EPICenter server needs to know about. These rules are downloaded into the Extreme Networks switch, and the EPICenter server is automatically registered as a trap receiver. Subsequently, whenever a status or configuration change takes place, the ExtremeWare software in the switch uses the SmartTraps rules to determine if the EPICenter server should be notified. These changes can be changes in device status, such as fan failure or overheating, or configuration changes made on the switch through the ExtremeWare CLI or ExtremeWare Vista. The EPICenter server does a “heartbeat” check, by default every five minutes, of all the devices it is managing to determine if the devices are still accessible. It also does a full poll of each device at longer intervals. This interval for this less frequent status polling can be adjusted on each individual device. The EPICenter software also gives you the ability to gather device status at any time using the Sync feature in the Inventory Manager applet. 28 EPICenter Software Installation and User Guide Extreme Networks Device Support Extreme Networks Device Support Extreme Networks devices running the ExtremeWare software version 2.0 or later, are supported by most features in the EPICenter system, including the VLAN Manager and the graphical display features of the ExtremeView applet. Some features, such as ESRP, or the Policy Manager, require more recent versions of the ExtremeWare software. NOTE See the EPICenter Release Note and Quick Start Guide or the Extreme Networks web site for the most current information on device support in the EPICenter software. Third-Party Device Support Any device running a MIB-2 compatible SNMP agent can be discovered by the EPICenter Inventory manager, and saved in the Inventory database. All devices in the database can also appear on a topology map. The EPICenter alarm system can handle SNMP traps from any device in the inventory database, including RMON traps from devices with RMON enabled. The Real-Time Statistics module can display statistics for any device with RMON enabled, the IP/MAC Finder applet supports all devices running MIB-2 and the Bridge MIB, with the exception of user mapping, which is specific to Extreme devices. Third-party devices that support SNMP version 3 (SNMPv3) are discovered as SNMP version 1 (SNMPv1) and are added to the EPICenter database as SNMPv1 devices. In the Telnet applet, you can use the Telnet feature with any device that supports a Telnet interface. In the ExtremeView applet, all Extreme devices and selected third-party devices (including certain Cisco and 3COM devices) can display a device-specific front panel view in the Summary view. In addition, vendor-specific generic images are available for additional devices, such as Sun and Nortel, and a standard generic image can be displayed for all other “unknown” devices. New device images and configuration description files may be added over time—check the Extreme Networks web site for information on new device support. Overview of the Policy Manager Policy-based management is used to protect and guarantee delivery of mission-critical traffic. A network policy is a set of high-level rules for controlling the priority of, and amount of bandwidth available to, various types of network traffic. Using EPICenter, policies can be defined in terms of individual users and desktop systems, not just by IP or MAC addresses, ports, or VLANs. The EPICenter Policy Manager lets you work with high-level policy components (users, desktop systems, groups of users or systems, applications, and groups of devices and ports) in defining policies. The policy system translates those policy components into the specific information needed for QoS configuration of network devices. It also detects overlaps and conflicts in policies, with precedence rules for resolving conflicting QoS rules. EPICenter Software Installation and User Guide 29 EPICenter and Policy Manager Overview NOTE The EPICenter policy system is based on the policy-based QoS capabilities in the ExtremeWare software. For details on the capabilities and implementation of QoS in Extreme Networks switches, see the ExtremeWare Software User Guide or the ExtremeWare Release Note for the version(s) of the software running on your switches. The EPICenter Policy Manager is a separately-licensed component of the EPICenter product family. When a Policy Manager license is installed on the EPICenter server, the Policy icon appears in the Navigation Toolbar at the left of your browser window. If no icon is present, it indicates that no current license can be found for the Policy Manager module. See the EPICenter Software Installation and User Guide or the EPICenter Release Note and Quick Start Guide for information on obtaining and installing a license. The EPICenter Policy Manager is organized into two functional areas. • The Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme Networks devices. The organizing principle within the Policies view is the policy definition. • The ACL Viewer, where you can view the access list and QoS rules generated by the Policy Manager for the devices in your network. You cannot modify EPICenter policy definitions from within this view. However, you can modify QoS configuration settings for Cisco devices. The organizing principle within the ACL Viewer is the network device. From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy precedence, and configure the currently-enabled policies on one or more devices. The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the network resources that can be used as traffic endpoints or to specify the policy scope in a policy definition. Resources must be set up through the Grouping Manager or Inventory Manager before you can use them in a policy definition. You should be thoroughly familiar with the Grouping applet before you begin to define policies using the Policy Manager. Basic EPICenter Policy Definition A QoS policy in the EPICenter Policy Manager is composed of the following components: • A Name and Description that you supply when you create the policy. The Description is optional. • The Policy Type, which translates to the implementation type (Access-based Security QoS, IP QoS, Source Port QoS, or VLAN QoS). The implementation type determines the type of traffic grouping the switch will look for in implementing the policy. This in turn determines what type of endpoints are allowed in your traffic definition, and how some of the other elements, such as traffic direction, are handled. • A definition of the Access List (for Security policies) or Policy Traffic (for IP policies) to be affected by the policy. You define the policy traffic by specifying the endpoints the switch should use to identify the traffic of interest. The EPICenter Policy Manager lets you define the endpoints using a high-level set of resources described below (see “Policy Named Components” on page 38 for more details). • The Access Domain or Scope of the policy—the set of network devices on which to apply the policy. 30 EPICenter Software Installation and User Guide Policy Types • The EPICenter Policy Manager converts the high-level policy definition you create into a set of low-level ACL and QoS rules that it will configure on the devices within the scope or domain of the policy. To do this, the Policy Manager takes the following steps: a Converts the endpoint components and the specified traffic direction into traffic patterns. b Uses the policy domain or scope to determine the device(s) and ports on which the QoS rules should be implemented. c Determines the QoS profiles to associate with the traffic flows for each device in the scope. d Resolves any QoS rule conflicts using precedence relationships. e Configures the QoS rules on the network switches either automatically (if Auto Configuration is enabled) or when you initiate the configuration using one of the directed configuration operations. Policy Types The EPICenter Policy Manager supports four types of policies: Access-based Security QoS policies, IP QoS (Access List) policies, Source Physical Port QoS policies, and VLAN QoS policies. These policies assign QoS profiles to traffic flows that are identified based on dynamically determined destination port, IP-based endpoint addressing information, physical port of origin, or VLAN origin. This release of the EPICenter Policy Manager does not support policies for traffic based on MAC address destination information or on explicit class of service (802.1P and DiffServ) information. ExtremeWare versions 5.0 or later support IP, VLAN and source port types. Only ExtremeWare 7.0 supports Security policies. ExtremeWare versions prior to 5.0 support only VLAN-based QoS. Thus, although the Policy Manager supports IP, Access-based Security, and Source Port policies, non-i-series devices will not be able to use those policies unless they are running ExtremeWare version 5.0. The Policy Manager will not attempt to configure policies on devices that cannot support them. In the EPICenter Policy Manager, each policy type acts somewhat like a template, allowing you to specify only components that are valid for the policy type. For example, the Policy Manager expects you to enter two sets of endpoints for a Security or an IP policy, but only a single set of endpoints for a VLAN or Source Port policy. In addition, the Policy Manager will only show endpoints of valid types in the Select Policy Traffic list in the Edit Policy, Network Resource, Server, Clients or Users Endpoints windows. Access-based Security Policies Access-based Security Policies represent a new policy type similar to IP policies. They are dynamic policies which are designed and typically implemented at the edge of the network to enforce user based security on an IP basis whenever and wherever the user connects. The principal difference is that the ACL rules associated with the policy are dynamically applied to and removed from the network in response to network login and 802.1x login and logout events. The IP addresses are static in nature and determined by the network resources. The device port the user logs on dynamically determines the user IP addresses. In addition, unlike IP policies, security policies are applied only on the device through which the user logged on. These policies operate in concert with the currently defined static policies and other access-based security policies and share the same precedence properties. You use Access-based Security policies for a number of important reasons. One primary function of these policies is to protect core network resources by controlling and enforcing security for user access at the point of entry to the network (e.g. edge network devices). Additionally, these policies allow you to augment the basic yes/no security provided by Netlogin with a finer grain control of access levels. EPICenter Software Installation and User Guide 31 EPICenter and Policy Manager Overview Users can be granted or denied access to certain areas of the network and users can be given different service level guarantees by the use of different QoS profiles. You also use Access-Based Security policies to grant various levels of service on a per user or user group level. By using different QP assignments on a per user or user group basis in the access domain of the security policy, each user receives a specific level of service on the edge device port. Static IP policies should be defined in conjunction with dynamic user policies to establish a baseline security access level and QoS level for all users. Typically, these static IP policies would be used to deny access to sensitive network resources and/or to provide a base level quality of service. These static IP policies should have lower precedence than the dynamic user based security policies to allow the dynamic user based security policies to override the static IP policies on a per user basis. Access-based Security policies are implemented with dynamic ACL allocation/deallocation on a per edge device port basis by the policy server based on current users on the network. The ACL rules are only applied to the single edge device port in the access domain on demand upon user network login (netlogin / 802.1x). This differs from the static IP, VLAN and source port policies which apply the ACL rules in a persistent manner on devices specified by the policy scope. In the EPICenter Policy Manager, the endpoints of the traffic flow for Access-based Security policies are defined as one or more services and users. The EPICenter Policy Manager lets you specify the endpoints using named resources, such as user names or host names, or groups that include such resources. If you specify a group resource as an endpoint, only the resources within the group (and its subgroups) that can be mapped to an IP or subnet address will be used as policy endpoints on the network services side. The default traffic direction for Access-based Security policies is user to network resource(s), which creates ACL rules with the source IP address as the user's IP address and the destination IP address as the network resource IP addresse. This secures the network as the user is denied or permitted access to the network resource(s). The bidirectional traffic setting is used when security policies grant access and additionally provide quality of service. The quality of service for the traffic between the user and the network resource(s) can be prioritized and guaranteed by the assignment of a specific quality profile on a per user basis. You can also further define the network resource-side traffic endpoints by specifying a named application or service, which translates to a protocol and L4 port, by directly specifying a protocol and L4 port range, or by using the Custom Applications group to collect a series of protocols and ports under one application. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases you can also specify client-side L4 ports. The ICMP protocol is not currently supported. The Policy Manager determines the traffic flows of interest based on the combination of endpoints and direction you have specified, and creates a set of IP QoS rules that can be implemented on the appropriate edge device (the login device). Figure 2 shows the effects of a uni-directional Access-based Security policy specified between server Iceberg and users A, B, and C. The policy domain includes only the two rightmost switches. The effect of this policy is that Access-based Security QoS rules are implemented for one traffic flow through the upper switch and two through the lower switch, from Users A, B and C to the server called Iceberg. No rules are implemented on the intervening switches. Although not shown in this diagram, you can specify multiple servers as well as multiple users. 32 EPICenter Software Installation and User Guide Policy Types Figure 2: Access-based QoS policy An Access-based Security policy specifies traffic flow between two endpoints, one of which is dynamically determined when the user logs in on the network. The policy is applied only at the entry point to the system and does not need to be specified on each possible internal device that might be in the path for that policy. This reduces the policy load on the rest of the system. On the contrary, for an IP policy, the policy must be specified on each intermediate device in the path between the endpoints. The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components. Therefore, you can specify server “Iceberg” as the server endpoint, and users “A,” “B,” and “C” as user endpoints. In addition, you can indicate that the traffic from the server should be filtered only to include traffic generated by the Baan application, which translates to TCP traffic originating from L4 port 512. Ports are not specified for the users. More details of the traffic flow can be seen in the following sections. IP-Based Policies (Access List Policies) An IP-based policy identifies IP traffic flowing between specific source and destination endpoints, and then assigns that traffic to a QoS profile. For IP QoS, the traffic of interest is identified using any combination of IP source and destination addresses, layer 4 protocol, and layer 4 (L4) port information. In the EPICenter Policy Manager, the endpoints of the traffic flow are defined as one or more servers and clients. The EPICenter Policy Manager lets you specify the endpoints using named resources such as user names or host names, or groups that include such resources, as long as they can be mapped to an IP address. If you specify a group resource as an endpoint, only the resources within the group (and its subgroups) that can be mapped to an IP or subnet address will be used as policy endpoints. You can also further define the server-side traffic endpoints by specifying a named application or service, which translates to a protocol and L4 port, or by directly specifying a protocol and L4 port EPICenter Software Installation and User Guide 33 EPICenter and Policy Manager Overview range. The EPICenter Policy Manager currently supports TCP and UDP as L4 protocols. In some cases you can also specify client-side L4 ports. The ICMP protocol is not currently supported. The Policy Manager determines the traffic flows of interest based on the combination of endpoints and direction you have specified, and creates a set of IP QoS rules that can be implemented in the appropriate network devices. Figure 3 shows the effects of a bi-directional IP policy specified between server Iceberg and clients A, B, and C. The policy scope includes all three switches. The effect of this policy is that IP QoS rules are implemented for six traffic flows on each switch: from the server to each of the three clients, and from each client to the server. Although not shown in this diagram, you can specify multiple servers as well as multiple clients. Figure 3: IP QoS policy Policy scope Server Iceberg Application: Baan (TCP, L4 port 512) Client A Client B Client C XM_016 Unlike the VLAN and source port policy types, Security and IP policies specifies a traffic flow between two endpoints, and that traffic may travel through multiple network devices between those two endpoints. Thus, to protect the specified traffic along the entire route, the policy should be implemented on all the devices between the two endpoints. This is done by including these devices in the policy scope. On each device along the route, the traffic is identified based on the endpoint definitions (the IP address, protocols, and L4 ports), and is assigned to the specified QoS profile on that device. The diagrams shown in Figure 4 illustrate how the traffic flows are generated for the example shown in Figure 3. The EPICenter Policy Manager lets you specify the policy traffic flow in terms of named components. Therefore, you can specify server “Iceberg” as the server endpoint, and clients “A,” “B,” and “C” as client endpoints. In addition, you can indicate that the traffic from the server should be filtered only to include traffic generated by the Baan application, which translates to TCP traffic originating from L4 port 512. Ports are not specified for the clients. Because they were defined through the EPICenter Grouping Manager, the Policy Manager can translate these high-level server and client names to IP addresses. Based on this information as well as the specified traffic direction, the Policy Manager generates the set of traffic flows shown in the table at the bottom of Figure 4. The diagram shows the steps involved in translating from the high-level objects (host name and service) to IP addresses and L4 ports and protocols, to a set of traffic flows used in policy rules. 34 EPICenter Software Installation and User Guide Policy Types Figure 4: Translation of a client/server policy definition into traffic flows Server Client Iceberg A + Baan B + ANY Server Traffic direction: BOTH Client 10.2.3.4 10.4.0.1 10.4.0.2 10.4.0.3 * * TCP 512 Server 10.2.3.4 C Client TCP 512 10.4.0.1 10.4.0.2 10.4.0.3 Destination IP Destination L4 port Source IP 10.2.3.4 10.2.3.4 10.2.3.4 10.4.0.1 10.4.0.2 10.4.0.3 TCP 512 TCP 512 TCP 512 10.4.0.1 10.4.0.2 10.4.0.3 10.2.3.4 10.2.3.4 10.2.3.4 * * * * * * * * * Source L4 port * * * TCP 512 TCP 512 TCP 512 XM_017 Note that the potential number of traffic flows can get very large if you specify a large number of endpoints for both servers and clients. For “n” servers and “m” clients, the number of traffic flows affected by the policy will be m*n. For this reason, the use of subnets rather than large numbers of individual unicast IP addresses is recommended, when possible, for IP policies that involve multiple endpoints. When both subnet and unicast IP addresses are in the endpoint, the Policy Manager determines the minimum set of IP/subnet addresses that are needed to represent all the addresses in the endpoint specification. For example, if you specify policy endpoints as 10.2.0.0/16, 10.2.0.1, and 10.2.0.25, the Policy Manager will use only 10.2.0.0/16 The IP QoS rules generated from EPICenter IP policy definitions are also known as Access List rules, because they define and control IP-based access between endpoints. A rule implementing IP-based QoS between server A and client B effectively defines the access allowed between those two endpoints. Access rules intended to permit access between the endpoints are implemented using one of the QoS EPICenter Software Installation and User Guide 35 EPICenter and Policy Manager Overview profiles (QP1 through QP4 or QP8) that allow access, within the bandwidth and priority constraints defined by the QoS profile. An access rule intended to deny access from one endpoint to another is implemented in the EPICenter Policy Manager using the “blackhole” QoS profile. IP-based QoS policies (or Access List policies) are supported on Extreme devices running ExtremeWare 5.0 or later— all i-series devices, and non-i-series devices running ExtremeWare 5.0x. This means that all devices in the scope for an IP policy must be running ExtremeWare 5.0 or later. Source Port Policies A Source Port policy identifies traffic originating from a specific port on an Extreme switch, and assigns that traffic to a QoS profile. In the policy definition, you specify as endpoints the specific ingress ports from which the traffic will originate. As shown in Figure 5, a source port policy is always uni-directional and implements Source Port QoS on the traffic flow from the specified source port. Figure 5: Source Port policy Policy scope Server IP address QP2 (802.1p tag) QP2 XM_018 You can specify multiple source ports in a single policy, and you can specify them by providing higher-level resources such as a host name, user name, or a group, as long as the resources can be mapped by the Policy Manager to a port on a switch. If you specify a group, only the resources within the group (and its subgroups) that map to source ports will be used as policy endpoints. In the case of source port QoS, the endpoint specification and the scope are theoretically redundant, because the endpoint specification effectively defines the scope of the policy. However, you must specify both the endpoint and the policy scope. If there are devices in the policy scope (for example, when the scope resource is a group) that are not related to the ports specified as endpoints. These will not be affected by the source port policy definition. For more details, see “Policy Access Domain and Scope” on page 41. Unlike IP QoS, a Source Port QoS rule is implemented only on the device where the source port resides. However, you can enforce QoS throughout the network using 802.1Q tagging—specifically by explicit packet marking using 802.1p or DiffServ. If the switch ports used for output use 802.1Q tagging, the QoS profile assignment will be carried via the 802.1p priority bits to the next switch. On i-series chipset devices, you can also enable DiffServ examination and replacement to observe and carry the QoS setting with the packet between switches. The use of 802.1p priority bits is enabled when you enable tagging, which you can do using the EPICenter VLAN Manager applet. DiffServ examination must be enabled using the ExtremeWare CLI or through ExtremeWare Vista. See the ExtremeWare Software User Guide for versions 6.0 or later for details on using 802.1p and DiffServ. Source port QoS policies are supported on Extreme devices running ExtremeWare 5.0 or later— all i-series devices, and non-i-series devices running ExtremeWare 5.0. This means that the endpoints used to define Source Port policies must be on devices running ExtremeWare 5.0 or later. 36 EPICenter Software Installation and User Guide Policy Types VLAN Policies A VLAN policy identifies traffic originating from the member ports of one or more VLANs, and assigns that traffic to a QoS profile. The Policy System implements VLAN QoS for all the traffic flows from the specified VLANs, on the devices you have defined in your policy scope. Figure 6 shows the effects of a VLAN Policy that has been specified for VLAN A, and scoped on switches A and B. The policy specifies that traffic originating from ports that are members of VLAN A should use QoS profile QP2. Thus, this policy affects traffic originating from the ports associated with client 1 on switch A, clients 5 and 6 on switch B, and the link between switches A and B. Traffic originating from client 2 on switch A is not affected, since it originates on a port that is not a member of VLAN A. In addition, traffic originating from client 4 on switch C is also not affected, even though it is a member of VLAN A, because switch C was not included in the policy scope. Figure 6: VLAN policy Client 3 Client 2 Switch C VLAN B QP2 VLAN B VLAN A QP2 VLAN A Switch A VLAN B QP2 VLAN A Client 4 VLAN B (802.1p tag) (802.1p tag) QP2 VLAN A Switch B Client 1 VLAN A QP2 VLAN A QP2 QP2 Policy scope VLAN A Client 5 VLAN A Client 6 XM_019 Like Source Port QoS, VLAN QoS rules are implemented only in the devices included in the policy scope that have the specified VLAN. To enforce QoS settings across switch/VLAN boundaries you must use 802.1Q tagging—specifically through explicit packet marking using 802.1p or DiffServ. If the switch ports used for output use 802.1Q tagging, the QoS profile assignment will be carried via the 802.1p priority bits to the next switch. On i-series chipset devices, you can also enable DiffServ examination and replacement to observe and carry the QoS setting with the packet between switches. The use of 802.1p priority bits is enabled when you enable VLAN tagging, which you can do through the EPICenter VLAN Manager applet. DiffServ examination must be enabled using the ExtremeWare CLI or through ExtremeWare Vista. See the ExtremeWare Software User Guide for versions 6.0 or later for details on using 802.1p and DiffServ. EPICenter Software Installation and User Guide 37 EPICenter and Policy Manager Overview In the example shown in Figure 6, if the links between switches A and C and switches B and C use tagging (as shown in the diagram), the QoS profile information specified by the VLAN policy will be propagated into switch C, for traffic originating on the links between the switches. The tag carries information on which QoS profile should be associated with the traffic flow; the configuration of the profile itself is determined by the configuration of each individual switch. If you want to ensure that VLAN QoS is effective end-to-end, you should make sure your switch-to-switch links use tagged ports. Policy Named Components The EPICenter Policy System lets you work with high-level, named components when defining a QoS policy. These high-level policy named components are mapped to policy primitive components that are actually used to create QoS rules that can be implemented in a network device. Policy named components are components such as groups (which are mapped to their individual members), users, and named hosts, which can be mapped to IP addresses and ports. These are represented by the shaded boxes in Figure 7. Policy primitive components are components such as device ports, IP addresses, VLANs, and QoS profiles, that are used to define the QoS rules that will be implemented on a device. These are represented by the white boxes in Figure 7. Policy named components, and most primitive policy components must be defined before they can be used in a policy definition. VLAN, device and port policy primitives must exist in the EPICenter database (that is be known to the Inventory Manager and VLAN Manager) before they can be used in a policy definition. Users, hosts, and group resources must be created (or imported) in the Grouping Manager. IP addresses, subnets addresses, and layer 4 ports can be predefined, or can be entered directly into a policy definition through the Policy Manager user interface. In the case of Access-based Security policies, the destination port is dynamically determined. 38 EPICenter Software Installation and User Guide Policy Named Components Figure 7: EPICenter Policy Manager components Device group Group GUI import User Netlogin/DLCS GUI import Netlogin/DLCS GUI import VLAN Device port GUI import GUI import GUI Device as a Host Host DNS GUI import IP/subnet Policy named components System Application System L4 / L4 range QoS profile Policy primitive components XM_020A The following components are used within the EPICenter Policy Manager: • Groups: Group resources (except for Device Groups) are created in the Grouping Manager. A group can contain devices, ports, custom applications, VLANs, users, hosts, as well as other groups as members. When you use a group in a policy definition, such as to define a traffic endpoint, the Policy Manager looks through the group and its subgroups, and uses in the policy definition only the resources of types that are valid for the policy you are creating. • Devices (by name): Devices are entered into the EPICenter database through the Inventory Manager (Discovery or Add Devices), or the DevCLI utility, and are mapped to IP addresses in the EPICenter database. Devices are assigned to Device Groups in the Inventory Manger. They can also be added as members to other groups through the Grouping Manager. • Device Groups: Device Groups are created within the Inventory Manager, and devices are assigned as members through that same applet. All devices are members of a device group. Device groups can themselves be added as members of other groups, through the Grouping Manager. • Hosts (by name): Host are entered into the EPICenter database through the Grouping Manager, either using the Import capability or through the GUI. A Host to IP address mapping can be established in several ways. The IP address can be added as a component attribute through the GUI or as part of the Import function. Alternatively, the mapping can be obtained through a name lookup service such as DNS. Within the Policy server, IP addresses are mapped to physical ports on an Extreme switch using DLCS, or through relationships created in the Grouping Manager. Hosts can be added as members of groups through the Grouping Manager. • Applications: Applications are named components (such as Baan, FTP, HTTP) that map to a layer 4 protocol and port. A set of applications (with protocol and port mappings) are predefined in the EPICenter database. You can also import application definitions through the Grouping Manager Import function. These definitions appear only in the Policy Manager for an IP QoS policy. • Custom Applications: These are user defined applications and consist of collections of L4 ports. A custom application can consist of a mixture of UDP and TCP ports in any combination of single EPICenter Software Installation and User Guide 39 EPICenter and Policy Manager Overview ports or ranges of ports. Custom Applications are entered into the EPICenter database using the Grouping Manager. • Users (by name): These are entered into the EPICenter database through the Grouping Manager, either using the Import capability or through the GUI. An individual User is typically mapped to a Host by establishing a relationship within the Grouping Manager. User-Host relationships can be specified through the Grouping Manager GUI or as part of the Import function. The Host is then in turn mapped to an IP address and physical ports as described above. Users can be added as members to groups through the Grouping Manager. For Security policies, user-host relationships are established during netlogin/802.1x login and removed upon user logout. • Ports: Ports are entered into the EPICenter database through the Inventory Manager through the Discovery or Add Devices functions. They can be specified individually as part of a policy traffic definition, or they can be members of a group. Ports are added to groups through the Grouping Manager. • VLANs: VLANs are detected by the Discovery or Add Device functions in the Inventory Manager, and can also be created and modified using the EPICenter VLAN Manager. They can be specified individually as part of a VLAN QoS policy traffic definition or they can be members of a group. VLANs are added to groups through the Grouping Manager. • IP addresses/Subnets: IP addresses or subnet addresses are used in Security and IP QoS rules to identify IP traffic flows. IP and subnet addresses can be determined by the Policy Manager from mappings associated with named components such as users or hosts. They can also be entered directly as endpoints in an IP policy traffic definition. • QoS Profiles: QoS profiles provide the definitions of traffic priority, and minimum and maximum bandwidth that, when combined with a traffic flow specification, define a policy. QoS profiles are predefined, but they can be reconfigured from within the Policy Manager. The arrows shown in Figure 7 indicate the mapping relationships between policy named components and policy primitive components. The higher-level component at the start of the arrow can be mapped by the Policy Manager to the component at the end of the arrow. Named components may map directly to a primitive component, or they may map to another named component that in turn maps to a primitive component. For example, the Policy Manager maps a Host component directly to an IP address and a port. However, a User component specified as a traffic endpoint is mapped first to a Host, and then to an IP address and port, which is used to create the policy rules that affect traffic from that user. The labels associated with the arrows depicts how the mapping relationship is created: • GUI indicates that the mapping may be created through the Grouping Manager user interface. • Netlogin/DLCS indicates that the mapping may be obtained through Netlogin or the Dynamic Link Context System (DLCS) operating within Extreme Networks devices. • DNS indicates that the mapping may be obtained via a name lookup service such as DNS. • IMPORT indicates that the mapping relationship can be specified during the import process in the EPICenter Grouping Manager. • SYSTEM indicates that the mapping is predefined, or is set up by the EPICenter server, such as through the Discovery feature in the Inventory Manager. 40 EPICenter Software Installation and User Guide Policy Access Domain and Scope Policy Access Domain and Scope The policy type and policy traffic definitions specify how to identify a traffic flow of interest. The policy access domain (Security policy) or scope (IP policy) definition specifies how to handle that traffic flow on your network devices. The policy access domain or scope definition has three functions: It specifies the network devices on which the policy should be implemented, what the treatment should be on each device in the domain or scope. • You can specify the domain or scope by selecting individual devices, or you can specify groups to include in the policy domain or scope. • You specify the QoS profile that will be associated with the policy traffic for each resource in the domain or scope. If you specify a device individually, then you can also specify a QoS profile for that individual device. However, if you specify a group as a resource, then the QoS profile you select will apply to the policy traffic on all the devices in the group. If a device is specified more than once in the domain or scope (for example, because it is a member of two different groups that are both included in the domain), you can specify which QoS setting will take precedence. • You specify the times of validity using the scheduler tool associated with each policy. You can select which days the policy will be active and you can specify start times and durations for each policy. The following example illustrates some of the issues related to setting the scope for an IP policy. Since the domain for Security policies is limited to the edge device to which the user is connected, many of these issues are not relevant for Security policies. Assume that you want to define an IP policy (Access List rule) applying to all TCP traffic (in both directions) between Host1 and Host2. This defines two traffic flows for the policy: • From any L4 port on Host1 to any L4 port on Host2 • From any L4 port on Host2 to any L4 port on Host1 Initially, you decide to define the scope as follows: • Include all the devices on your network (switches A, B, and C) in the scope • Set QP1 as the profile to be used on all three devices This means that any time any of these switches detects TCP traffic with Host1 as the source and Host2 as the destination (or vice-versa), it will assign that traffic to profile QP1. However, in your network it happens that traffic between Host1 and Host2 would never travel through switch C, so implementing this policy on that switch is not necessary. Further, on switch B, profile QP1 is being used for some very high-priority, application-server traffic, so you want to give your TCP traffic somewhat lower priority on that switch. You can accomplish this by changing the policy scope as follows: • Include only switches A and B in your policy scope. This will leave switch C unaffected by this policy. • Specify profile QP1 for switch A, but a different profile (for example, QP3) for switch B. On switch B, you configure profile QP3 to have the appropriate parameters to accomplish the desired traffic prioritization. Alternatively, it might happen that the high priority traffic on switch B is not using QP1, so you can use QP1 on both switches for the Host1-Host2 traffic. However, you may need to set the parameters for QP1 on switch B differently from the parameters of QP1 on switch A, to accomplish the desired traffic priorities on switch B. EPICenter Software Installation and User Guide 41 EPICenter and Policy Manager Overview It is very important to understand the relationship of the target traffic flow, the QoS profile, and the profile configuration in each switch. The policy rules generated by the EPICenter Policy Manager associate a QoS profile with a particular traffic flow, but the configuration of that profile (its bandwidth and priority parameters) are defined in each individual switch. Therefore, you may create a policy that always associates profile QP1 with the traffic between Host1 and Host2, but the actual treatment of that traffic, in terms of the minimum and maximum bandwidth and traffic priority, may be different in each switch because profile QP1 is configured differently in each switch. Using Groups in Policy Definitions In many cases, you may want to define multiple policies that should apply to the same set of endpoints, or that should have the same set of devices as the policy domain or scope. The ability to create groups of users, hosts, devices, ports, custom applications, and VLANs can make the definition of these policies easier. For example, you may want to define several Access List policies to prioritize traffic between several different application servers and a specific set of users. To accomplish this easily, you could create a group that contains those users, and then use the group as the user or client endpoint in the traffic definition for each of the policies you create. Further, you may want to include the same set of network devices in the scope for these policies. Again, you can create a group for these devices, and use that group to define the scope for each of the policies. You can use the Grouping Manager to define a group of users: • Use the EPICenter Grouping Manager to define the user resources, either by entering them individually through the GUI or by importing them. • Ensure that a mapping relationship exists from each user to an IP address. This is necessary so that the Policy Manager can use them to create identifiable traffic flows. User-host-IP address relationships are often created as part of the import process. If Netlogin/DLCS is running on your Extreme network devices, it may do this mapping for you. You can also create these relationships directly through the Grouping Manager GUI. In the case of Access-based access-based Security policies, the user IP is dynamically determined when the user logs into the system • When you have your user resources set up and mapped to IP addresses, you can create a group and add your users as members of the group. To create a group for the devices you want to use for the policy scope, you have two options: • You can create a Device Group in the Inventory Manager, and assign the devices to this group. • You can add devices as members of a non-exclusive resource group through the Grouping Manager. The same device can be a member of multiple groups of this type, so future grouping requirements do not need to impact the group you set up for your policy scope purpose. Regardless of how you set up your group, you can then use this group to specify the scope for the policies you create. There is one consideration in using a group of devices in a policy scope, which is that the same QoS profile applies to the entire group. For example, if you specify a group in the policy scope, and assign profile QP3 to that group, all devices included in the group will then use QP3 for that policy. The configuration of QP3 may be different on each device, but the policy will always apply QP3, however it is defined, to the traffic flow defined by the policy. (The Policy Manager does allow you to inspect the QoS profiles and their association with policies on devices or device ports, and you can adjust the settings if needed). 42 EPICenter Software Installation and User Guide Policy Configuration The Grouping Manager allows groups to contain members of different resource types, including other groups. However, when you are setting up groups for use with the Policy Manager, it is recommended that you create relatively simple groups that contain only the resources that you intend to use for a single purpose. For example, when you use a group to define a traffic flow, you are specifying that all members of that group (that can be mapped to an IP address) are endpoints of the specified traffic flow. If you define a large group that is used for a variety of purposes, especially one with subgroups as members, you need to ensure that it does not contain members that will result in policy traffic flows other than the ones you intended to specify. Furthermore, if the membership of the group changes after you have implemented your policies, the endpoints for the traffic flow will change. If you have policy auto-configuration enabled, new policy rules will automatically be computed and configured on your network, based on the new traffic flow definition. Precedence Relationships within the Policy Manager The EPICenter Policy Manager has several types of precedence relationships: • Precedence between resources within the scope of a policy • Precedence between EPICenter policies • Precedence between the QoS rules implemented on an Extreme Networks device Each of these has a somewhat different use and effect. Precedence between the resources in a policy scope is used to determine which QoS profile specification should be used when a particular device is specified multiple times within a scope definition. Policy precedence (precedence between policies) is used to determine which policy should be used when multiple policies could apply to the same traffic flow. If this occurs, the policy with higher priority is used by the switch over policies of lower priority. Policy precedence only controls the relationships between policies of the same type. Policies of different types have a predefined precedence relationship: IP QoS policies are the highest priority, Source Port QoS policies are second, and VLAN QoS policies have the lowest priority. For IP policies, policy precedence is implemented by assigning precedence numbers to IP access-lists that are configured to the devices. These precedence numbers may be different on different devices depending on how many policies are active on a given device. The actual IP access-list precedence number is not as important because it is the relative ordering between the precedence numbers from the access-list that matters. Policy Configuration The EPICenter Policy Manager supports automatic configuration of QoS policies. If Auto Configuration is enabled, every change you make on a device or within the EPICenter software has the potential to trigger an immediate recomputation and reconfiguration of the QoS policies on your network. An automatic reconfiguration can be triggered by any of the following events: • Changes to group memberships made through the Grouping Manager or Inventory Manager that affect a group used to define a policy endpoint or policy scope EPICenter Software Installation and User Guide 43 EPICenter and Policy Manager Overview • Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the EPICenter server • A user login or end station reboot when DLCS is enabled • Saving a change to a policy within the Policy Manager If Auto Configuration is disabled, you must explicitly perform the configuration process using one of the directed configuration functions initiated using the Configure or Configure All buttons on the Policy Manager toolbar. The EPICenter policy server also supports policy enabling and disabling, and policy configuration through an external access protocol and API. External applications can use Tcl functions to enable and disable policies, and to configure policies on specified devices. The external access protocol and Client Tcl API are documented in Appendix C of this manual. Cisco Device Support EPICenter software supports Cisco devices running Cisco IOS version 11.2. Later software versions may work but have not been tested. EPICenter 3.1 has been tested with the following models running Cisco IOS 11.2: • Cisco 2500 • Cisco 3600 • Cisco 2610 • Cisco 2621 Other models may also work, but have not been tested. See the EPICenter Release Note and Quick Start Guide that accompanies your software for the most current list of supported models. EPICenter software uses a custom queue list for bandwidth control and a priority queue list for priority control. The custom or priority queue list are bound to each interface independently, so you can specify the queueing strategy individually for any given interface. You also specify the set of access lists, the custom queue list and the priority queue list for the EPICenter software to use. Cisco Port Mappings When EPICenter software pushes a policy to a Cisco device, the device automatically maps well-known TCP and UDP port numbers to names (for example, TCP port 80 to the name “HTTP”). When EPICenter software reads the rules from a Cisco device, it must re-map the name back to a port number. EPICenter software uses a properties file to associate the well-known port names and port numbers. The ciscoipports.properties file is found in the extreme directory under the top-level installation directory (<epicenter-install-dir>/extreme/ciscoipports.properties). If you encounter port-to-name mappings that are not included in this file, you can edit the file with a standard text editor. Limitations on Cisco Device Support Certain policies cannot be fully implemented on Cisco devices to make them function exactly like Extreme devices. 44 EPICenter Software Installation and User Guide EPICenter Policy Limitations Maximum bandwidth parameter in a QoS profile The maximum bandwidth parameter is not used when EPICenter software pushes policies to Cisco devices. EPICenter Policy Limitations The EPICenter Policy Manager does not support the entire set of policy-based QoS features found in the most current versions of the ExtremeWare software. In addition, not all versions of the ExtremeWare software support all the features available through the Policy Manager. Appendix H presents information about how the policy features available in the various versions of the ExtremeWare software are supported by the EPICenter Policy Manager. Appendix H also present a list of issues related to the Policy Manager’s support of policy on Cisco devices. EPICenter Software Installation and User Guide 45 EPICenter and Policy Manager Overview 46 EPICenter Software Installation and User Guide 2 Installing the EPICenter Software This chapter describes: • Hardware and software requirements for the EPICenter server and client • Procedure for obtaining an evaluation or permanent license key for the software • Installing the EPICenter server software under Windows 2000 or Windows XP • Installing the EPICenter client software under Windows 2000 or Windows XP • Setting up Internet Explorer for use with the EPICenter client on a Windows system • Installing the EPICenter server software under the Solaris Operating Environment • Installing the EPICenter client software under the Solaris Operating Environment Installation Overview The EPICenter software includes a set of Java applications, a Web Server, database software, and a client application. The installation process installs all of these components on a Windows 2000 or Windows XP system, or under Solaris 7 or Solaris 8. The EPICenter software offers two different clients. One is an installed client that runs as a stand-alone application on the client workstation. The other client runs within a web browser (Microsoft Internet Explorer under Windows) with the Java Plug-in version 1.3.1 or later. The browser-based client does not require installation, you just point your browser to the EPICenter server. The installed client is installed along with the EPICenter server, and can be installed separately on a client workstation. NOTE See the EPICenter Release Note and Quick Start Guide for the most current information on installation requirements. The EPICenter server installation process installs two components: • The EPICenter Database Engine • The EPICenter Web Server Under Windows 2000/XP you can run these as services, or just as an application. Running them as services is recommended. EPICenter Software Installation and User Guide 47 Installing the EPICenter Software Server Requirements The EPICenter server can run under Microsoft Windows 2000, Windows XP, or Sun Microsystems Solaris Operating Environment, SPARC Platform Edition. Windows 2000 or Windows XP For installation under Windows 2000 or Windows XP, the requirements are: • Microsoft Windows 2000 or Windows XP running on an Intel platform. • 192 MB RAM (256 MB recommended, especially if you plan to run an EPICenter client on the same system). • Disk space depends on the file system used on the disk as well as the number of items (devices, ports, alarms etc.) that the system must handle: — 130 MB of disk space for the server installation. — Up to 150-200 MB for runtime usage (log files, database, user-defined scripts, reports, and so on). — If the disk is using the FAT file system, the EPICenter server could use 20% of the disk (i.e 300MB on a 1 GB disk, 600 MB on a 2GB disk and so on). Installing on a FAT file system is not recommended. You can tell the type of file system by looking at the disk properties. Right-click on the drive letter in the Windows Explorer or My Computer windows. • 400 Mhz Pentium-compatible processor. • CDROM drive (for installation). • A network connection. Solaris For installation under Solaris, the requirements are: • Solaris 7 or Solaris 8 with required patches already installed. • 128 MB RAM (256 MB recommended, especially if you plan to run an EPICenter client on the same system). • As much as 300 MB disk space: — 130 MB of disk space for the server installation — Up to 150-200 MB for runtime usage (log files, database, user-defined scripts, reports and so on) • CDROM drive (for installation) • A network connection The Solaris 7 or Solaris 8 operating environment may require patches for EPICenter to function properly. Make certain these patches have been installed before you install the EPICenter server software. See “Required Patches” on page 56 for more information on obtaining any needed patches. For the most current information on required patches, see the EPICenter Release Note and Quick Start Guide that accompanies your EPICenter software, or check the Extreme Networks web site at www.extremenetworks.com. 48 EPICenter Software Installation and User Guide Client Requirements Client Requirements The EPICenter software provides two options for connecting to an EPICenter server from a client system: a stand-alone client application, or a browser-based client you can run from a web browser such as Microsoft Internet Explorer. On Solaris-based systems, only the stand-alone client is supported. NOTE The browser-based client is supported on Windows-based systems only. The EPICenter client requires a monitor that supports 1024 x 768 resolution, and at least 16-bit color. Your system Display Settings must be set for 65536 colors. The client can also use large amounts of memory. 128 MB of RAM is recommended for best performance (256 MB is recommended if you plan to run the client on the same system as the EPICenter server). The browser-based client is a Java-based application that runs within a web browser such as Microsoft Internet Explorer. Under Windows 2000 or Windows XP, install Internet Explorer 6.0, Internet Explorer 5.0, or Internet Explorer 5.5 with Service Pack 1, and the Java 1.3.1 plug-in. NOTE See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest information about configuration requirements. Browser Requirements for Reports Even if you are running the stand-alone client application, a browser is required to run the EPICenter HTML reports. The EPICenter dynamic reports are HTML pages that do not require Java capability, and thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface. The following browser clients are supported for displaying reports: • Under Windows 2000 or Windows XP, install Internet Explorer 5.5 with Service Pack 1, or Internet Explorer 6.0. • On a Solaris system, install Netscape Navigator/Communicator 4.7 or later To launch the browser and view the EPICenter HTML reports on a Solaris system, you need to include Netscape on the search path. If you do not want to add Netscape to the search path, edit the launchURL.sh script from either the EPICenter server install directory (by default, /opt/extreme/epc4_1) or the EPICenter client install directory (UNIX default directory is /opt/extreme/epc4_1_client). In the launchURL.sh script, replace the word “netscape” with the full path to the Netscape program installed on your system. EPICenter Software Installation and User Guide 49 Installing the EPICenter Software EPICenter Software Licensing In order to log in to the EPICenter server from an EPICenter client, the product must be configured with a valid license. Optional products such as the Policy Manager also require their own license keys. An evaluation license allows you to run the product for 30 days. A permanent license has no time limit. You can install the software without a license key, but you will not be able to connect to it from an EPICenter client. (If you need to install the product without a license key, you can add the key at a later time using a license key upgrade utility.) You must obtain both evaluation and permanent license keys from the Extreme Networks licensing web site. The license key should be sent to you as e-mail within minutes of submitting your request. Both evaluation and permanent license keys are 14-character keys that start with EP and are followed by 12 additional characters that are a combination of upper- and lower-case case alphabetic characters, numbers, and special characters such as “+” If you have purchased the product, you should have received an activation key, found on the License Agreement included in your software package. This key starts with “AC,” and can be used to obtain a permanent license key. You do not need an activation key to obtain an evaluation license key. NOTE See the EPICenter Release Note and Quick Start Guide shipped with the software for the latest information about obtaining a license key. Obtaining an Evaluation License To obtain an evaluation license key, use your browser to connect to the license page at http://www.extremenetworks.com/go/epickey.htm. Select the option to obtain an evaluation license key. You will be asked to enter your name, company information, and other similar information, and an e-mail address to which your license key should be sent. You license key will be sent to you by return e-mail. Obtaining a Permanent License To obtain a permanent license key, use your browser to connect to the license page at http://www.extremenetworks.com/go/epickey.htm. Select the option to obtain a permanent license key. Fill in the requested information, and enter your activation key. The activation key is a 14-character key that starts with “AC” and is found on the License Agreement included with your software package. Your permanent license key will be sent to you by return e-mail. Upgrading an Evaluation License To update an evaluation license of EPICenter to a permanent license, use the instlic utility. 50 EPICenter Software Installation and User Guide Upgrading from a Previous Release In Windows, run the instlic command using the Run command from the Windows Start menu, or from an MS-DOS command window. From Solaris, run the command from a command shell. The instlic utility is found in the EPICenter install directory, by default c:\Program Files\Extreme Networks\EPICenter 4.1\ in Windows, or /opt/extreme/epc4_1 on a Solaris system. Enter the command followed by the 14-character license key, as follows: instlic <license_key> After you enter the new license key, you must logout of EPICenter and login again. See “Adding or Updating the License Key” on page 55 (for Windows) or “Adding or Updating a License Key” on page 61 (for Solaris) for further instructions. Adding a License for an Optional Product When you purchase a product option such as the EPICenter Policy Manager, you receive a separate key to enable the optional module. If you purchase the optional module at the same time as the main EPICenter software, you can use the use the optional module key when you do the EPICenter installation, and it will enable both the EPICenter software and the additional module. However, if you purchase the additional module at a later time, you must update your license key to enable the new module. To add a license key for an optional EPICenter product module, use the instlic utility. In Windows, run the instlic command using the Run command from the Windows Start menu, or from an MS-DOS command window. From Solaris, run the command from a command shell. The instlic utility is found in the EPICenter install directory, by default c:\Program Files\Extreme Networks\EPICenter 4.1\ in Windows, or /opt/extreme/epc4_1 on a Solaris system. Enter the command followed by the 14-character license key, as follows: instlic <license_key> After you enter the license key for the optional product, you must logout of EPICenter and login again. See “Adding or Updating the License Key” on page 55 (for Windows) or “Adding or Updating a License Key” on page 61 (for Solaris) for further instructions. Upgrading from a Previous Release If you have the previous software release installed, the installation script can also migrate your database information to the new EPICenter software version. The installation program detects the previously installed version and notifies you to proceed with the upgrade. For the EPICenter SE release 4.1, you can upgrade from EPICenter 3.1 or 4.0, but not from any earlier versions of the ExtremeWare Enterprise Manager software. If you are running one of the older versions (ExtremeWare Enterprise Manager 1.0, 1.1, 2.0, or 2.1) you must do a new installation of the EPICenter 4.1 software. EPICenter Software Installation and User Guide 51 Installing the EPICenter Software Installing on a Windows 2000 or Windows XP System The following sections assume that Microsoft Windows 2000 or Windows XP is already running. NOTE For information on installing and running Windows 2000 or Windows XP, refer to the documentation supplied with your Microsoft Windows software. To install the EPICenter software components under Windows 2000 or Windows XP, you must have administrator privileges on that system. If you have the previous software release installed, the installation script migrates your database information to the new EPICenter software version. CAUTION If you are running an evaluation version of the EPICenter software, DO NOT REINSTALL the EPICenter software to upgrade to a permanent license if you want to retain the information in your EPICenter database. Using the license installation utility will preserve the contents of the database. To update an evaluation copy of the EPICenter server to a licensed copy without reinitializing the database, follow the update procedure described in “Adding or Updating the License Key” on page 55. NOTE If you already installed the EPICenter client software, you must UNINSTALL the client software before you begin the EPICenter server installation. To install the EPICenter server, follow these steps: 1 Close any open applications. 2 Insert the CDROM into the CDROM drive. 3 In most cases, the Extreme Networks EPICenter Welcome screen appears automatically. If it does not: a Open My Computer or Windows Explorer, and go to your CDROM drive. b Go to the nt directory, open the server sub-directory, and start Setup.exe. The EPICenter Welcome screen appears. 4 Follow the on-screen instructions to progress through the Welcome screen. 5 If you have a previous version of EPICenter installed, you are notified that the services will be stopped in order to install the new EPICenter software. If this is acceptable, click Yes. 6 Click Yes to accept the license agreement. 7 Enter your company information. 8 Enter your license key and click Next to continue. The license key is a case-sensitive string starting with “EP” and followed by 12 characters (a mixture of uppercase and lowercase letters, numbers, and special characters) that you obtained from the Extreme Networks web site. 52 EPICenter Software Installation and User Guide Installing on a Windows 2000 or Windows XP System The license key is NOT the same as the activation key, which starts with “AC,” and found on the License Agreement shipped with your purchased product. You use the activation key to obtain a permanent license key from the Extreme Networks web site at http://www.extremenetworks.com/go/epickey.htm See “EPICenter Software Licensing” on page 50, or the EPICenter Release Note and Quick Start Guide for details on obtaining an evaluation or permanent license key. If you have purchased the EPICenter software and an additional module such as the Policy Manager, you can use the key you received for the optional module here. It will enable both the EPICenter software and the additional module. If you do not yet have a key, you can still install the product, and then update the key later using the instlic.exe utility. See “Adding or Updating the License Key” on page 55. — To skip entering a key, leave the field blank and click Next. — A warning box pops up; click OK to continue. 9 In the Destination dialog box, choose one of two options: — Accept the default target drive and folder displayed in the Destination Directory box. — Click Browse and select or enter a new folder, a new drive, or both and click Next. If you are installing on a disk that uses the FAT file system rather than the NTFS file system, a warning message pops up when you click Next. This is because under the FAT file system, the EPICenter software can take up as much as 20% of your partition, regardless of the partition size. In the Database Server Information dialog box, enter a number in the Port field for the TCP port that the EPICenter Web Server will use to communicate with the database, or accept the default (10553). You can use any port number (a number between 1024 and 65535 is recommended), except a port number already in use by another process. NOTE Extreme Networks recommends that you choose a port number that is not currently registered at Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to http://www.iana.org/numbers.html. 10 When the Automatic Information Updates dialog box appears, as shown in Figure 8, click Yes to enable automatic updates or click No to disable automatic updates. Figure 8: Automatic Information Updates EPICenter Software Installation and User Guide 53 Installing the EPICenter Software 11 In the Get HTTP Port dialog box, you are asked for two ports that the EPICenter Web Server will use: — The HTTP Port for communication with clients (default 80). — The Admin Port used by the EPICenter web server (default 8009). Accept any or all of the default port numbers, or enter different port numbers. You can use any port number (a number between 1024 and 9999 is recommended) except: — The port number you just entered for the database TCP port. — Any port number already in use by another process. 12 If there is an EPICenter server (versions 4.0 and earlier) running as a service, a notice appears advising you that the services are being shut down. The installation software then copies the EPICenter program files from the CD to your system. 13 When the files have been copied, the Install as a Service dialog box asks if you want to install the EPICenter database and web server components as Windows services. — Click Yes to install the EPICenter components as services. This is strongly recommended. If the EPICenter components run as services, they will be started automatically on system boot, and will persist across user logins and logouts. NOTE You must have Administrator privileges to install the EPICenter components as services. In addition, if you want to be able to import user and host information from a Windows NT Domain Controller, the EPICenter server must run with permissions that allow it to get user information from a Domain Controller. — Click No if you do not want to install the components as services. 14 If you are upgrading from the previous release of the EPICenter software, you are asked whether you want to copy the database and other persistent data to the new installation. Click Yes to copy the data, or No to continue without doing so. If you answer Yes, an MS-DOS window will appear briefly while the database contents are dumped from the old database and loaded into the new database. NOTE This installation utility will upgrade the database from EPICenter 3.1 or 4.0 to EPICenter 4.1. Database upgrades from earlier versions are not supported. 15 If you elect to copy your previous data, the EPICenter installation process also notifies you that you must copy from the old installation any switch software image files or report files you may have modified or added. The installation process does not copy these files. You can do this after the installation has finished. 16 The installation procedure now installs the license key. An MS-DOS window will appear briefly while this occurs. If the license key you entered is invalid, an error window pops up. If you did not enter a license key, a warning pops up. In either case, you can use the instlic utility to enter a valid license key after you have completed your installation. 54 EPICenter Software Installation and User Guide Installing on a Windows 2000 or Windows XP System 17 In the final dialog box, EPICenter Setup Complete, you can do the following. — Click the checkbox to indicate you want to view the Readme file. — If you have installed the EPICenter components as services, click the second checkbox to indicate you want your system to be restarted. If you choose not to restart your system at this time, you must either restart the server or start the services manually before you can log in to the EPICenter server from a client. — Click Finish to complete the installation process. 18 If you added or modified any reports, or added new switch software images to the previous EPICenter installation, you should copy these files to the new installation. You must manually copy the following files: • Image files you have placed in the subdirectories under the <EPICenter_install_dir>\user\tftp directory • Reports you have modified or added in the <EPICenter_install_dir>\user\reports\html or <EPICenter_install_dir>\user\reports\tcl directories Copy these to the corresponding directories in the new installation. Adding or Updating the License Key To update an evaluation license of EPICenter to a permanent license, or to install a license key after the original installation is complete, use the instlic utility provided. CAUTION DO NOT reinstall the software if you have any data or configurations of value in the EPICenter database. Re-installation will re-initialize the database. To update your license key, follow these steps: 1 Select Run... from the Start menu, or start an MS-DOS command window. NOTE Because you must enter the license key on the command line, you cannot run this utility from a Windows Explorer or My Computer window. 2 Enter the command <EPICenter_install_dir>\instlic <key> <EPICenter_install_dir> is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the path is c:\Program Files\Extreme Networks\EPICenter 4.1\ <key> is the 14-character license key, starting with “EP,” that you obtained from Extreme Networks. Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is case sensitive. For example: c:\Program Files\Extreme Networks\EPICenter 4.1\instlic EP1a2B3c4D5+eF If the license update is successful, the message “License Installed” is displayed. If the update is not successful, the message “Invalid argument key : <key>” is displayed. <key> is the license key you entered with the instlic command. Verify that you typed the key exactly as shown in the e-mail you received from Extreme Networks. Make sure you log out and log back in to EPICenter to enable the new module. EPICenter Software Installation and User Guide 55 Installing the EPICenter Software Installing on a Solaris System The EPICenter server software, version 4.1, is supported under Solaris 7 and Solaris 8. See “Server Requirements” on page 48 for the hardware requirements. Also, check the EPICenter Release Note and Quick Start Guide for any additional issues. Required Patches The Solaris 7 or Solaris 8 operating environment requires patches for the EPICenter software to function properly. Make certain these patches have been installed before you install the EPICenter server software. For the most current information on required patches, see the EPICenter Release Note and Quick Start Guide that accompanies your EPICenter software, or the Extreme Networks web site at www.extremenetworks.com. Sun Microsystems makes these patches available on the Java download site in the form of tar files. They can be found at: http://www.sunsolve.sun.com/pub-cgi/show.pl?target=patches/J2SE On this page, select Java 2 Standard Edition (J2SE) 1.3.0_03 Production Release for Solaris, English, SPARC Edition. The patches listed for this release apply to the 1.3.1 Plug-in as well. You must register or log in, and then you will be presented with the download page that includes Solaris patch bundles. Local Name Resolution The Solaris system on which EPICenter is installed must be able to resolve both its own local name and its domain name. For example if you install EPICenter on a system named system1, then it must be able to resolve both system1 and its domain name, such as system1.company.com. You can test for this by attempting to ping the system using both the local name and the domain name. If there are problems resolving either of these names, make sure the /etc/hosts file contains the correct information. Installing the EPICenter Server The instructions that follow assume that you are running in a command shell or Xterm window. You can install the EPICenter components without being logged in as root, as long as you do not use port numbers less than 1024 (for example, port 80 for the EPICenter web server, which is the default). CAUTION When you install the EPICenter Server, it initializes the database. If you attempt to re-install the server once you have installed it, the installation process reinitializes the database, and your existing data and configurations will be lost. To update an evaluation copy of the EPICenter software to a licensed copy without reinitializing the database, follow the update procedure described in the section “Adding or Updating a License Key” on page 61. 56 EPICenter Software Installation and User Guide Installing on a Solaris System NOTE If you already installed the EPICenter client software, you need to UNINSTALL the client software before you begin the EPICenter server installation. To install the EPICenter server software, follow these steps: 1 Insert the CDROM into the CDROM drive. 2 If you are running CDE, the contents of the CDROM are displayed in the File Manager. Go to the sol directory. To run from an Xterm window: cd /cdrom<x>/sol where <x> is your CDROM drive number (e.g. cdrom0). The volume label of the installation CD is epc41b<xx>, where <xx> is the build number, for example epc41b34. 3 To install the server, change to the server directory: cd server To install the client, change to the client directory: cd client 4 Run the installation script: ./install.sh The EPICenter Welcome message appears as follows: ****************************************************************** Welcome to the Extreme Networks EPICenter install program. This program will install: EPICenter version 4.1.0 on this system. ****************************************************************** Please review the following software license terms and conditions. You will need to accept this license to continue the installation. Press space to page through the license. Press <enter> to view the license: 5 When you press [Enter], the text of the license is displayed. You can use the space bar to page through it. When you reach the end, you are asked: Do you agree to the above conditions? (Y/N): 6 Enter Y if you agree and want to proceed. Enter N to terminate the installation process. This question does not have a default, you must enter Y or N. 7 Next, you are prompted for the directory where the EPICenter server software should be installed: Please enter the directory in which the software will be installed. The default directory is /opt/extreme/epc4_1, but the product may be installed anywhere. EPICenter Software Installation and User Guide 57 Installing the EPICenter Software Install Directory [/opt/extreme/epc4_1]: Enter the directory or accept the default (/opt/extreme/epc4_1). NOTE Make sure there are no spaces in the directory names. If you specify a directory that does not exist, you are asked whether it should be created: /opt/extreme/epc4_1: No such directory. Do you wish to create it? (y/n)[y] Assuming you want to create the directory, accept Y as the default. If you answer N, the script will assume the directory already exists. 8 The installation script now copies and installs the EPICenter files: Installing EPICenter files... After copying a number of files, the following message appears: File copy complete. Configuring Installation. At this point additional files are copied and the EPICenter installation tree is created, and filled out. This will take several minutes. When the files are complete, you are asked for a set of configuration information. To configure EPICenter, we will need to ask you for some information. the default answers will work correctly. In most case 9 First you are asked whether you want to upgrade from a previous installation of EPICenter. You can upgrade from EPICenter 3.1 or EPICenter 4.0. *** Upgrade Parameters If there is a previous installation of EPICenter installed, you may import the database from the previous installation. If there is no previous install, or you would like to start from scratch, select new installation. Would you like to upgrade from a previous install? (Y/N) [N]: Answer Y to upgrade. If you answer Yes, the install script asks for the location of the previous version of EPICenter. Old install directory [/opt/epc4_0]: Accept the default or enter the actual location (full path name). 10 Next, you are asked for a license key. *** License Key Please enter the license key for the product. This will be a string starting with EP followed by 12 characters. To obtain a license (evaluation or permanent) visit the web site http://extremenetworks.com/go/epickey.htm Refer to the product release notes for more information on obtaining a license key. Enter s to skip and install the license later. 58 EPICenter Software Installation and User Guide Installing on a Solaris System Please enter the license key: The license key is NOT the same as the activation key, which starts with “AC,” and is found on the License Agreement shipped with your purchased product. You use the activation key to obtain a permanent license key from the Extreme Networks web site at http://www.extremenetworks.com/go/epickey.htm See “EPICenter Software Licensing” on page 50, or the EPICenter Release Note and Quick Start Guide for details on obtaining an evaluation or permanent license key. If you do not yet have a key, you can still install the product, and then update the key later using the instlic utility. See “Adding or Updating a License Key” on page 61. If you have purchased the EPICenter software and an additional module such as the Policy Manager, you can use the key you received for the optional module here. It will enable both the EPICenter software and the additional module. 11 When the Automatic Information Updates dialog box appears, answer Y to enable automatic updates or N to disable automatic updates. 12 Next, you are asked to enter a port for communication between the Web server and the database server: *** Database Parameters EPICenter will run an SQL database server on this machine. The database needs the name of this machine and an unused port to listen on. Please enter the port for the database: [10553] Accept the default (10553) for the TCP port that the EPICenter Web Server will use to communicate with the database, or enter a different port number. You can use any port number (a number between 1024 and 65535 is recommended) except a port number already in use by another process. NOTE Extreme Networks recommends that you choose a port number that is not currently registered at Internet Assigned Numbers Authority (IANA). To check if a port number is registered, go to http://www.iana.org/numbers.html. 13 You are now asked for three ports that the EPICenter Web Server will use. *** Web Server Parameters EPICenter runs as a web server and by default accepts HTTP requests on port 80. You may specify an alternative. Additionally EPICenter needs another unused port for server administration. If you are not sure what to enter, the defaults should be acceptable. Please enter the http port for the web server: [80] Please enter the http port for the admin web server: [8009] Accept any or all of the default port numbers, or enter different port numbers. You can use any port number (a number between 1024 and 9999 is recommended) except: — The port number you just entered for the database TCP port. — Any port number already in use by another process. EPICenter Software Installation and User Guide 59 Installing the EPICenter Software 14 Finally, you are asked to confirm the configuration parameters: *** Configuration Please review the following items. Upgrade License Database Port HTTP Port HTTP Admin Port = = = = = NO <the <the <the <the key you entered or “s”> port you entered or 10551> port you entered or 80> port you entered or 8007> Are these correct? (Y to accept / N to re-enter) [N]: 15 If you accept the parameters by entering Y, the installation script will finish with the following messages: Installing License... License properties = Type: License, Version: 4 License installed. Done. Updating ./extreme/WEB-INF/web.xml Updating ./tomcat/conf/server.xml If you are upgrading from an earlier version of EPICenter, you will also see the following: *** Database Upgrade Upgrading Database... Upgrading from EPICenter 4.0 Generating sql files... Dumping data from tables in old database ... Loading data into tables in new database ... Database Upgrade Complete. Next, you are asked to move or copy any previous switch software images or uploaded switch configuration files. from: /export/home/epc3_1/user/tftp to: /opt/extreme/epc4_1/user/tftp If you modified any reports or created custom reports, you are asked to move or copy these files from: /export/home/epc3_1/user/reports/html and /export/home/epc3_1/user/reports/tcl to /opt/home/epc4_1/user/reports/html and /opt/home/epc4_1/user/reports/tcl Next, the installation process creates a script and some symbolic links. Adding EPICenter to /etc/init.d Adding link from rc3.d to /etc/init.d/ Adding link from rc2.d to /etc/init.d/ 60 EPICenter Software Installation and User Guide Installing on a Solaris System 16 Finally, you are given the opportunity to have the EPICenter server started for you. Would you like to start the server now? (Y/N): n Answer Yes to start the server immediately, or No if you want to start it at a later time. The final messages are: The EPICenter software installation is complete. Once the server is running, you can run the client by executing the following command: opt/extreme/epc4_1/runclient Starting EPICenter server with /opt/extreme/epc4_1/runserv & Server output: *********************************************************** *********************************************************** INSTALL COMPLETE <host> is the name of the system you’ve just installed on, and <port> is the HTTP port you entered (or 80 if you accepted the default). Adding or Updating a License Key To update an EPICenter evaluation license to a permanent license, or to install a license key after the original software installation is complete, use the instlic utility provided. CAUTION DO NOT reinstall the software if you have any data or configurations of value in the EPICenter database. Re-installation will re-initialize the database. Run the installation script found in the EPICenter installation directory: <install_dir>/instlic <key> <install_dir> is the directory (path) where you installed the EPICenter components. <key> is the 14-character license key, starting with “EP,” that you obtained from Extreme Networks. Type the key exactly as it is shown in the e-mail you received from Extreme Networks. The key is case sensitive. For example, if you installed in the default directory, enter: /opt/extreme/epc4_1/instlic EP1a2B3c4D5+eF You must have write permission for the EPICenter install directory. If the license update is successful, the message “License Installed” is displayed in the xterm or command window. If the update is not successful, the message “Invalid argument key : <key>” is displayed. <key> is the license key you entered with the instlic command. Verify that you typed the key exactly as shown in the e-mail you received from Extreme Networks. EPICenter Software Installation and User Guide 61 Installing the EPICenter Software Setting Up SNMP Version 3 for Solaris and Windows To use SNMP Version 3 privacy, EPICenter supports SunJCE version 1.2.2. You can download SunJCE 1.2.2 from the following website: http://java.sun.com/products/jce/index-122.html To use SNMP V3, you should copy all four JAR files from the /lib directory to the following location on the EPICenter server: <epic_install_dir>/extreme/classes. You must also edit the following file: <epic_install_dir>/jre/lib/security/java.security so that the list of security providers is as follows: security.provider.1=sun.security.provider.Sun security.provider.2=com.sun.crypto.provider.SunJCE security.provider.3=com.sun.rsajca.Provider Installing the EPICenter Client The EPICenter software provides two options for connecting to an EPICenter server from a client system: a stand-alone client application, or a browser-based client you can run from a web browser such as Microsoft Internet Explorer. On Solaris-based systems, only the stand-alone client is supported. NOTE The browser-based client is supported on Windows-based systems only. When you run the EPICenter stand-alone client on Solaris-based systems, unset the following localization environment variables: • LANG • LC_MONETARY • LC_NUMERIC • LC_COLLATE • LC_TIME • LC_CTYPE • LC_MESSAGES In order to run the EPICenter web browser client, web browser software must be installed. An EPICenter client can run on a system with a different operating system than the EPICenter server. Under Windows 2000 or Windows XP, install Microsoft Internet Explorer 6.0 or Internet Explorer 5.5 with Service Pack 1 and the Java Plug-in. To download the latest version of Internet Explorer, go to http://www.microsoft.com/ie/ 62 EPICenter Software Installation and User Guide Installing the EPICenter Client If you do not have the required Java plug-in installed when you start the EPICenter client, you will be prompted to download it, and will be led through the brief installation process. This obtains the plug-in from the Sun Microsystems web site, and requires Internet access. You can also install the Java Plug-in directly from the EPICenter browser-based client Start-up page. See Chapter 3 for details on starting the client and obtaining the plug-in, if needed. Installing the Stand-Alone Client Application on Windows 2000 or Windows XP The following instructions assume that Microsoft Windows 2000 or Windows XP is already running. NOTE If you installed the EPICenter server software, the client has already been installed as part of the server installation. Do not re-install the client. To install the stand-alone client application on a client-only workstation, do the following: 1 Close any open applications. 2 Insert the CDROM into the CDROM drive. 3 If the CD starts up automatically, click cancel to exit the server installation process, the do the following steps. If the CD does not start up automatically, follow these steps: a Open My Computer or Windows Explorer, and go to your CDROM drive. b Go to the nt directory, open the client sub-directory, and start setup.exe. The EPICenter Client Welcome screen appears. 4 Follow the on-screen instruction to progress through the Welcome screen. 5 Click Yes to accept the license agreement. 6 Enter your company information and click Next to continue. 7 In the Choose Destination Location dialog box, choose one of two options: • Accept the default target drive and folder displayed in the Destination Folder box. • Click Browse and select or enter a new folder, a new drive, or both. 8 In the Server Information dialog box, enter the name or IP address of the server to which you want to connect into the Server field. Enter the HTTP port to use to connect to the server in the HTTP Port field. The port must match the HTTP port configured for the EPICenter server that you entered into the Server field. The default is port 80. Click Next to continue the client installation process. NOTE You must enter both the Server and HTTP port information, or leave both fields empty. If you leave the fields empty, you can enter the server and port information each time you run the client. 9 The installation software then copies the EPICenter Client files from the CD to your system. EPICenter Software Installation and User Guide 63 Installing the EPICenter Software 10 In the final dialog box, Setup Complete, you can do the following: • Click the checkbox to indicate you want to view the Read Me file and start the EPICenter client application. • Click Finish to complete the installation process. Installing the Stand-Alone Client Application in the Solaris Operating Environment The instructions that follow assume that you are running in a command shell or Xterm window. NOTE If you installed the EPICenter server software, the client has already been installed as part of the server installation. Do not re-install the client. To install the stand-alone client application on a client-only workstation, do the following: 1 Insert the CDROM into the CDROM drive. 2 If you are running CDE, the contents of the CDROM are displayed in the File Manager. Go to the sol directory, then to the client sub-directory. To run an Xterm window: cd /cdrom<x>/sol/client where <x> is your CDROM drive number (e.g. cdrom0). The volume label of the installation CD is epc41b<xx>, where <xx> is the build number, for example epc41b34. 3 Run the installation script: ./client.sh The EPICenter Client Welcome message appears as follows: ****************************************************************** Welcome to the Extreme Networks EPICenter Client install program. This program will install: EPICenter Client version 4.1.0 on this system. ****************************************************************** Please review the following software license terms and conditions. You will need to accept this license to continue the installation. Press space to page through the license. Press <enter> to view the license: 4 When you press [Enter], the text of the license is displayed. You can use the space bar to page through it. When you reach the end, you are asked: Do you agree to the above conditions? (Y/N): 5 Enter Y if you agree and want to proceed. Enter N to terminate the installation process. This question does not have a default, you must enter Y or N. 64 EPICenter Software Installation and User Guide Installing the EPICenter Client 6 Next, you are prompted for the directory where the EPICenter Client software should be installed. Please enter the directory in which the software will be installed. The default directory is /opt/extreme/epc4_1_client, but the product may be installed anywhere. Install Directory [/opt/extreme/epc4_1_client]: Enter the directory or accept the default (/opt/extreme/epc4_1_client). NOTE Make sure there are no spaces in the directory names. If you specify a directory that does not exist, you are asked whether it should be created: /opt/extreme/epc4_1_client: No such directory. Do you wish to create it? (y/n) [y] Assuming you want to create the directory, accept Y as the default. If you answer N, the script will assume the directory already exists. 7 The installation script now copies and installs the EPICenter Client files: Installing EPICenter Client files... After copying a number of files, the following message appears: File copy complete. Configuring Installation. At this point, additional files are copied and the EPICenter Client installation tree is created and filled out. This will take several minutes. When the files are complete, you are asked for a set of configuration information. To configure the EPICenter client, we will need to ask you for some information. In most case the default answers will work correctly. Please enter the host name for the EPICenter server: [] localhost Please enter the http port for the EPICenter server: [80] The Server Name is the server name or IP address of the EPICenter server to which the client should connect. The Server Port is the HTTP port that the client will use to communicate with the server (default is 80). 8 You are asked to confirm the configuration parameters: *** Configuration Please review the following items. Server Name Server Port = localhost = 80 Are these correct? (Y to accept / N to re-enter) [N]: 9 If you accept the parameters by entering Y, the installation script will finish with the following message: Would you like to start the client now? (Y/N): Enter Y to start the EPICenter client now, or N to start it at a later time. EPICenter Software Installation and User Guide 65 Installing the EPICenter Software The final messages are: The EPICenter Client software installation is complete. INSTALL COMPLETE When you run the EPICenter stand-alone client on Solaris-based systems, unset the following localization environment variables: • LANG • LC_MONETARY • LC_NUMERIC • LC_COLLATE • LC_TIME • LC_CTYPE • LC_MESSAGES Uninstalling the EPICenter Software To uninstall the EPICenter software, you must first shut down the server components (database and web server). Then you can remove the program components from your system. Uninstalling the EPICenter Server on Windows 2000 or Windows XP Using the Windows Operating Systems versions, you can run the EPICenter server components as services, or as regular applications. The uninstall procedure is slightly different for these two situations. To uninstall the EPICenter server software and all of the EPICenter components, including the stand-alone client, do the following: 1 Shut down the EPICenter components if they are still running. If they are running as services: a From the Start menu, highlight Settings, then select the Control Panel. b Double-click Services to display the Services Properties window. c Highlight EPICenter 4.1 Server and click Stop to stop the EPICenter 4.1 Server d Stop the EPICenter 4.1 Database Engine in the same manner. If they are running as applications: a From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1, then select Stop EPICenter 4.1 Server. This opens an MS-DOS command window and shuts down the EPICenter server and database. 2 From the Control Panel folder, double-click Add/Remove Programs. This displays the Add/Remove Program Properties window (Add/Remove Programs window under Windows 2000 and Windows XP). 3 From the list of installed programs, select EPICenter 4.1 and click Add/Remove (or Change/Remove in Windows 2000 or Windows XP). Follow the instructions to remove the component. 66 EPICenter Software Installation and User Guide Uninstalling the EPICenter Software 4 If the Add/Remove utility is not able to remove all the files, it will inform you of that fact. You must then delete the remaining files manually. Uninstalling the EPICenter Stand-Alone Client Application on Windows 2000 or Windows XP To uninstall the stand-alone client on a client-only workstation, do the following: 1 From the Control Panel folder, double-click Add/Remove Programs. This displays the Add/Remove Program Properties window (Add/Remove Programs window under Windows 2000 or Windows XP). 2 From the list of installed programs, select EPICenter 4.1 Client Application and click Add/Remove (or Change/Remove in Windows 2000 or Windows XP). Follow the instructions to remove the application. 3 If the Add/Remove utility is not able to remove all the files, it will inform you of that fact. You must then delete the remaining files manually. Uninstalling the EPICenter Server in Solaris To remove the EPICenter server software from a Solaris host, stop the server using the stopserv command, then remove the all the files in the installation directory. To remove the EPICenter server software, including the stand-alone client, follow these steps: 1 Run the stopserv command found in the root installation directory. The installation directory is the directory (path) where you installed the EPICenter components. For example, if you installed in the default directory, enter: /opt/extreme/epc4_1/stopserv This shuts down the EPICenter server if it is running. 2 Make the parent of the installation directory the current directory, and remove all files from the directory and its sub-directories. For example, if you installed using the default directory path, /opt/extreme/epc4_1, enter: cd opt 3 Remove all files from the installation directory tree. For example, if you installed using the default directory path, enter: rm -rf epc4_1 This removes all the EPICenter components, including the database and the stand-alone client, from the system. 4 The EPICenter installation created a script, EPICenter, in the /etc/init.d directory, and links to /etc/init.d in the /etc/rc2.d and etc/rc3.d directories. You should remove these as well: cd /etc/init.d rm EPICenter cd /etc/rc2.d rm K10EPICenter cd /etc/rc3.d rm S90EPICenter EPICenter Software Installation and User Guide 67 Installing the EPICenter Software The EPICenter software is now completely uninstalled. Uninstalling the EPICenter Stand-Alone Client Application in Solaris To uninstall the stand-alone client on a client-only workstation, do the following: 1 Make the parent of the installation directory the current directory, and remove all files from the directory and its sub-directories. For example, if you installed using the default directory path, /opt/extreme/epc4_1_client, enter: cd opt 2 Remove all files from the installation directory tree. For example, if you installed using the default directory path, enter: rm -rf epc4_1_client This removes the EPICenter stand-alone client from the system. 68 EPICenter Software Installation and User Guide 3 Starting EPICenter This chapter describes: • Starting the EPICenter Server. • Launching an EPICenter Client. • Navigating the EPICenter pages. When you log in for the first time after installing the EPICenter server software, there are only two user accounts enabled—an Administrator account “admin,” and a user account “user” with Monitor access privileges. Neither account has a password. Follow the instructions in Chapter 16 to change the admin password and to create additional EPICenter user accounts. Running the EPICenter Server Software under Windows The following instructions assume that the Windows 2000 or Windows XP operating system is already running, and that the EPICenter server software is already installed. If you have installed the EPICenter components as services under Windows 2000 or Windows XP, the EPICenter Server and database component will start automatically when you boot the server. This is the recommended method of installing EPICenter. Starting the EPICenter Server If you have not installed the EPICenter server components as a service, you must start the server manually after you boot your server system. You can do this from the Windows Start menu. The EPICenter Server consists of two components: • The EPICenter Database Engine • The EPICenter Web Server Both components must be running in order to run the EPICenter client applets. EPICenter Software Installation and User Guide 69 Starting EPICenter To start the EPICenter Server and database components, follow these steps: 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to display the EPICenter menu. 2 Click Start EPICenter 4.1 Server. This runs runserv.exe, a program that starts the two components in the required order. Two windows are displayed briefly as the EPICenter Server starts up: • Sybase Adaptive Server Anywhere. An icon representing this window is placed on the right side of the Windows task bar. • An MS-DOS window that shows the processes being started. If you need to start the server manually, you can use the runserv command in an MSDOS command window to start the server: 1 Change to the EPICenter install directory, cd <EPICenter_install_directory> 2 Enter the command runserv You can also select Run from the Start menu and enter the command <EPICenter_install_directory>\runserv Shutting Down the EPICenter Server Components There may be occasions when you need to shut down the EPICenter server, such as to upgrade a license key from an evaluation to a permanent license, or to add an optional module license. Components Running as Services If the EPICenter server components are running as services, follow these steps to shut them down: 1 Open the Control Panel folder. 2 From the Control Panel, double-click Administrative Tools. 3 From Administrative Tools, double-click Services. This displays the Services Properties window. You must have Administrator privileges to access this function. 4 From the list of installed programs select EPICenter 4.1 Server and click Stop. 5 Repeat the same actions for the EPICenter 4.1 Database Engine. The EPICenter 4.1 server should be stopped before the database to avoid error messages. Components Running as Applications If the EPICenter server components are running as applications, you can shut it down directly from the EPICenter programs menu. 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to display the EPICenter menu. 2 Click Stop EPICenter 4.1 Server. This runs stopserv.exe, a program that starts the two components in the required order. 70 EPICenter Software Installation and User Guide Running the EPICenter Server Software under Solaris Restarting the EPICenter Server Components as Services If you have installed the EPICenter server components as services, follow these steps to restart them: 1 From the Start menu, open the Control Panel folder. 2 From the Control Panel, double-click Administrative Tools. 3 From the Administrative Tools folder, double-click Services. This displays the Services Properties window. You must have Administrator privileges to access this function. 4 From the list of installed programs select EPICenter 4.1 Database Engine and click Start. 5 Repeat the same action for the EPICenter 4.1 Server 6 If you want to change the start-up parameters, click Properties... instead of Start. For example, if you plan to import users from an NT Domain Controller through the Grouping Manager, the EPICenter 4.1 server must be running with permissions that enable it to get user information from the Domain Controller. If you do not have those permissions as you are currently logged on, you can specify a different log on account for the EPICenter web server as a start-up parameter: — In the Log On As: section of the Startup... pop up window, enter the account name and password for a user that has the appropriate permissions to access the Domain Controller. Running the EPICenter Server Software under Solaris The following instructions assume that you are using a command or Xterm window running the C shell. Starting or Restarting the EPICenter Server To run the EPICenter Server: 1 Set the current directory: cd <install_dir> <install_dir> is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the path is /opt/extreme/epc4_1. 2 Execute runserv to start the two EPICenter components in the required order. runserv & Shutting Down the EPICenter Server Components To shut down the EPICenter Server: 1 Set the current directory: cd <install_dir> <install_dir> is the directory (path) where you installed the EPICenter components. If you installed in the default directory, the path is /opt/extreme/epc4_1. 2 Execute stopserv to shut down the EPICenter components in the required order. stopserv & EPICenter Software Installation and User Guide 71 Starting EPICenter The EPICenter Client On Windows 2000 or Windows XP systems, the EPICenter software provides two options for connecting to an EPICenter server from a client system: • A stand-alone client application. This is the recommended client option. • A browser-based client you can run from Microsoft Internet Explorer. On Solaris-based systems, only the stand-alone client is supported. The stand-alone client is installed along with the EPICenter server on the system where the server resides. The stand-alone client can also be installed by itself on any system you want to use as an EPICenter client. See Chapter 2 for instructions on installing the client on a system without the EPICenter server. For Windows 2000 or Windows XP, the browser-based client is a Java applet that is downloaded from the EPICenter server whenever you run it, and requires the following software on the client: • Internet Explorer 5.0, or Internet Explorer 5.5 with Service Pack 1, and the Java 1.3.1_03 plug-in. Running the EPICenter Stand-alone Client To start the EPICenter stand-alone client interface on a system different from where the EPICenter server is installed: 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 Client to display the EPICenter Client menu. 2 Select Client Application to start the EPICenter client. An MS-DOS window appears briefly before the EPICenter Client Login window opens, as shown in Figure 9. To run the stand-alone client on the same system as the EPICenter server: 1 From the Start menu, highlight Programs, then Extreme Networks, followed by EPICenter 4.1 to display the EPICenter menu. 2 Select EPICenter 4.1 Client to start the EPICenter client. If you need to start the client manually, you can use the runclient command in an MSDOS command window to start the server: 1 Change to the EPICenter install directory, cd <EPICenter_install_directory> 2 Enter the command runclient You can also select Run from the Start menu and enter the command <EPICenter_install_directory>\runclient 72 EPICenter Software Installation and User Guide Running the EPICenter Stand-alone Client Figure 9: EPICenter installed client Login window 3 In the Server Hostname field, type the name or IP address of the server you want to connect to. If you are running the client on a system where an EPICenter server is installed, that server name will appear by default in the Server Hostname field. 4 Type the HTTP port to use to connect to the server in the HTTP Port field. The default is port 80. The port must match the HTTP port configured for the EPICenter server. 5 If you already have an EPICenter user account, type your EPICenter user name in the User field. • If you are the network administrator logging in to the EPICenter server for the first time since it has been installed, log in as “admin.” You will be able to change the administrator password (strongly recommended) and to create additional user accounts. • If you are a new user without your own account on the EPICenter server, type “user” as the User Name. You will be able to view information in the various modules, but will not be able to change any configurations. 6 Type your password in the Password field. Both default names (“user” and “admin”) initially have no password, so you can leave the field blank. 7 Click Login. If you are using an evaluation copy of the EPICenter, a dialog box appears notifying you how much longer the copy is valid. Click OK. The Network Summary Report page appears, as shown in Figure 12 on page 77. For information on the Network Summary Report, see “The Network Status Summary Report Page” on page 77. When you disconnect from an EPICenter server, the Login page appears again, allowing you to log in again, to the same server or to a different EPICenter server. EPICenter Software Installation and User Guide 73 Starting EPICenter To exit the EPICenter client, click Quit. To view the EPICenter version information, click About. Viewing Reports from the Stand-Alone Client EPICenter’s HTML reports are always displayed in a browser window, even if you are running the stand-alone client. See “Browser Requirements for Reports” on page 49 in Chapter 2 for supported browsers. Running the EPICenter Client in a Browser NOTE The browser-based client is supported on Windows-based systems only. To start the EPICenter client in a browser window: 1 Launch your web browser. 2 Enter the following URL: http://<host>:<port>/ In the URL, replace <host> with the name of the system where the EPICenter server is running. Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during installation. NOTE If the EPICenter server uses the default web server port, 80, you do not need to include the port number. The EPICenter Start-up page opens. Figure 10 shows the Start-up page in Internet Explorer under Windows. 74 EPICenter Software Installation and User Guide Running the EPICenter Client in a Browser Figure 10: The EPICenter browser client start-up page From the Start-up page you can run the EPICenter client interface, view the online documentation, or log into the EPICenter reports module. • To launch the EPICenter client interface, click the Launch EPICenter link. This requires that the Java Plug-in version 1.3.1_03 be installed in your browser. If the required version of the plug-in is not installed, you will be prompted to download it, and will be led through the brief installation process. This obtains the plug-in from the Sun Microsystems web site, and requires Internet access. You can also install the Java Plug-in directly, if you know you do not have the correct version installed, or if you encountered problems downloading it. Click the Get Java PlugIn link, which will install the required version from the EPICenter server installation. This requires access to the system where the EPICenter server is installed, and does not require Internet access. The EPICenter Login page appears, as shown in Figure 11. • From the start-up page you can view a variety of reports about EPICenter devices and functions, without requiring the Java Plug-in. Click the View Reports link to log into the EPICenter Reports applet, which provides a number of HTML-based reports. See Chapter 17 for more information on using these reports. • Click the View Documentation link to display the online EPICenter Software Installation and User Guide. This requires that you have a copy of Adobe’s Acrobat Reader (version 4.0 or later) installed. If you do not have the Acrobat Reader installed, you can download it free of charge from Adobe’s web site, at http://www.adobe.com. EPICenter Software Installation and User Guide 75 Starting EPICenter Figure 11: The EPICenter browser client login page To log into EPICenter: 1 If you already have an EPICenter user account, type your EPICenter user name in the User Name field. • If you are the network administrator logging in to the EPICenter server for the first time since it has been installed, log in as “admin.” You will be able to change the admin password (strongly recommended) and to create additional user accounts. • If you are a new user without your own account on the EPICenter server, type “user” as the User Name. You will be able to view information in the various modules, but will not be able to change any configurations. 2 Type your password in the Password field. Both default names (“user” and “admin”) initially have no password, so you can leave the field blank. 3 Click Login. If you are using an evaluation copy of the EPICenter, a dialog box appears notifying you how much longer the copy is valid. Click OK. The Network Summary Report page appears, as shown in Figure 12 on page 77. 76 EPICenter Software Installation and User Guide The Network Status Summary Report Page NOTE If you have problems with the client display the first time you try to run EPICenter after installing it, try clearing all browser cache (both memory and disk), then closing and re-opening the browser. The Network Status Summary Report Page The Network Status Summary Report page displays a simple HTML report with some basic statistics on the status of your network. Click on the description of the problem where it is underlined in the left-hand side of the page to display a detail report about a specific status item. Figure 12: The Network Status Summary Report page From this summary report you can view the following reports: • Summary status of the devices known to the EPICenter server that are not responding to EPICenter queries. • A summary of the reported to be in marginal condition (such as a problem with the fan, temperature, or power). • The number of devices that are offline for planned service. • A summary of critical alarms in the last 24 hours that have not been acknowledged. • A summary of Syslog messages with a priority of Critical or worse that occurred in the last 24 hours. • A summary of Invalid Login alarms that have occurred in the last 24 hours. EPICenter Software Installation and User Guide 77 Starting EPICenter • A summary of Authentication Failure alarms that have occurred in the last 24 hours. The Network Summary Report can also be accessed from the Reports applet. See Chapter 17 for a more detailed discussion of these reports. The Network Status Summary Report also provides version information about the EPICenter software running on your machine. The information reported includes: • Software—The EPICenter software. • Current Version—The version of software currently running. • Available Version—The number of the most recently available version of the software. • Status—The status of the software running on this machine. In order for your machine to verify the latest EPICenter software version, it must access the Extreme Networks website at http://www.extremenetworks.com. If your network uses a firewall, you can configure HTTP proxy properties using the Server Properties, External Connections option of the Admin applet. To configure an HTTP proxy device and port, see “External Connection Properties” on page 369. The Distributed Server Summary If you are running in a Distributed server configuration, a Distributed Server summary appears below the Network Summary, as shown in Figure 13. Figure 13: Distributed Server Summary Report 78 EPICenter Software Installation and User Guide The Network Status Summary Report Page Each row in the summary provides the status of one of the EPICenter server group members. It provides the following information about each server: • The server name. Clicking on the server name initiates the Dynamic Reports module for that server.You can then run any of the available HTML reports. • A link that can launch a client connection to the server. Clicking on the Client link launches a client that attempts to connect to that server. • The number of devices managed by the server that are up or down • The number of critical alarms that have occurred on devices managed by the server • The date and time of the last update of the server summary information for this server • The status of the server (whether it is responding to the periodic poll) The “About EPICenter” Page From the bottom of the Summary Report panel you can navigate to the About EPICenter page. The About EPICenter page, shown in Figure 14, provides information about the version of EPICenter that you are running. This information may be needed if it becomes necessary for you to contact Extreme Networks’ Technical Support. Figure 14: The About EPICenter page From this page you can do the following: • Access the online EPICenter Software Installation and User Guide. • Send e-mail to Extreme Networks’ technical support organization. • Return to the Network Summary Report page. EPICenter Software Installation and User Guide 79 Starting EPICenter Navigating the EPICenter Applications The EPICenter client consists of two frames: • The Navigation Toolbar, from which you can access the EPICenter applets • The Main Applet frame, where the currently active applet runs. The Navigation Toolbar The Navigation Toolbar, on the left, displays a set of buttons you can use to access various EPICenter modules. The buttons that appear in this Toolbar may include additional modules, such as the EPICenter Policy Manager, if you have a license for those modules. • Home returns you to the Network Summary Report display shown in Figure 15. From this page, you can access the About EPICenter page. Figure 15: The EPICenter Home page • Inventory runs the Inventory Manager, where you can discover devices on your network, and set up device groups and port groups so you can manage network elements in sets rather than individually. • Alarm runs the Alarm Manager, where you can view and browse alarms that have occurred on your network devices, as well as define alarms and the actions that should occur when an alarm happens. This button also indicates that a new alarm has been received by displaying its label in red text instead of black text. 80 EPICenter Software Installation and User Guide Navigating the EPICenter Applications • Config runs the Configuration Manager, where you can upload and download switch configuration files, and download ExtremeWare software to your switches. • Find IP/MAC runs the IP/MAC Address Finder applet, where you can search for the ports associated with one or more MAC or IP addresses, or identify the IP or MAC addresses connected to a set of ports. • Groups runs the Grouping applet. • Telnet runs an interactive Telnet application where you can create and run command-line macros on multiple devices in one operation. You can also establish telnet sessions with individual switches, both Extreme Networks and third-party devices. • EView runs the ExtremeView applet, where you can view status and statistics about your managed devices, and do Extreme device configuration through Extreme Networks’ interactive web-based device interface, ExtremeView Vista. • RT Stats runs the Real Time statistics applet, that provides graphs of various device and port statistics. • Topology runs the Topology applet, which gives you a hierarchical, logical map-based view of your network topology. • VLAN runs the VLAN Manager, where you can set up and manage VLANs. • ESRP runs the ESRP Manager, which lets your view the status of your ESRP-enabled switches and VLANs. • Admin runs the Administration module, where a user with Administrator access can administer EPICenter user accounts and the RADIUS server. Other users can change their own password using this applet. • STP runs the STP Monitor, which lets you view the status of devices and VLANs configured for STP. The devices must be running ExtremeWare 6.2.2 or later in order to be monitored by EPICenter. • Reports runs the Dynamic Reports module, where you can run a number of pre-defined HTML-based reports from data in EPICenter’s inventory database. You can also define your own reports. • Logoff ends your session and returns you to the Login display. NOTE Note that you must have Administrator or Manager access in order to use most of the functions of these applets. Users with Monitor access will be able to view status, statistics etc., but will not be able to set up or change EPICenter or device configurations. In addition to the applets described above, the Navigation Toolbar may include icons for other optional applications that have been integrated into the EPICenter server. These modules or products are typically purchased separately, and enabled via special license keys. Documentation for these modules is provided separately from the main EPICenter documentation. These include: • Policy runs the EPICenter Policy Manager, where you can define QoS policies and access list rules for implementation on Extreme Networks and Cisco devices. This applet is an optional module that is licensed separately. It requires the installation of a separate license key. This applet is not available in scalability mode. • ServiceWatch runs the EPICenter ServiceWatch software within the EPICenter client browser. ServiceWatch is not an EPICenter module, but a separate product. You can enable the integration into the EPICenter Navigation Toolbar through the Server Properties pages in the EPICenter Administration applet. EPICenter Software Installation and User Guide 81 Starting EPICenter Main Applet Frame The main applet frame is used to display the active EPICenter applet. For example, in Figure 16, the VLAN Manager is displayed in the main applet frame. Figure 16: VLAN Manager applet Applet function buttons Component Tree Component status/detail EPICenter applets use a two-panel display within the main applet frame. The two panels are: • The Component Tree. • A component status/detail information panel. In addition, some applets provide an applet-specific set of buttons at the top of the main applet frame. These provide access to specific applet functions, such as adding, deleting, or configuring components managed by the applet. Other applets provide tabbed pages for different functions within the applet. The Component Tree The left side panel shows the Component Tree. The Component Tree is a nested tree that displays the components known to the EPICenter database that are relevant to the active module. The Component Tree may display different types of components depending on which EPICenter module you are viewing. For example, in the Inventory Manager, the Component Tree shows all the Extreme and third-party devices known to the EPICenter. In the VLAN Manager, the Component Tree displays VLANs, as shown in Figure 16. In the Topology view, the Component Tree shows the maps nested within a topology view. The Component Tree often includes both folders and individual objects. If a component in the tree has a plus sign to its left, that means there are subcomponents nested below it. For example, if the component 82 EPICenter Software Installation and User Guide Navigating the EPICenter Applications is a VLAN, then it typically has Extreme switches as subcomponents. A switch may have ports as subcomponents, or slots which in turn have ports. • Click on the plus sign to display the nested subcomponents. The plus sign changes to a minus sign. • Click on the minus sign to hide the subcomponents. Most objects in the Component Tree are represented both by a text identifier and by a small icon that represents the type of object. Following are some examples of icons used in the Component Tree: indicates a device group. , , , and are examples of device icons. indicates an untagged VLAN, and , , , and is a tagged VLAN. are examples of folder icons. indicates a general-purpose group in the Grouping module. indicates a host resource in the Grouping module. indicates a user resource in the Grouping module. Devices are identified in the tree by their device name (as defined in the SysName MIB variable) and IP address. A user with administrator access can change this to reverse the order of the IP address and device name, or to display the device name only. This is done through a server property set in the Administration module. See “Other Properties” in Chapter 16 for details on how to do this. The Status/Detail Information Panel The right side panel displays information about the component selected in the tree on the left. For example, Figure 17 shows the Inventory Manager applet, with basic information about the devices known to the EPICenter. EPICenter Software Installation and User Guide 83 Starting EPICenter Figure 17: Inventory Manager applet • Click on a component in the Component Tree to display information about that component. In Figure 17, the selected component is the Default device group. The component status/detail panel displays summary status information about each device in this device group. A red circle with the white “S” next to a device indicates that the device is not reachable through SNMP. This indicator may appear in any of the applets where a list of switches is displayed. A grey circle means the device is offline. The buttons and frame contents change depending on which applet you are viewing, and also on the permissions associated with your user account. Moving the Component Tree Boundary You can move the boundary between the Component Tree panel and the main applet panel by following these steps: 1 Place the cursor over the line separating the panels. 2 Click and hold the left mouse button to “grab” the panel separator. 3 Drag the separator until the panels are the desired widths. Resizing Columns In a wide columnar display such as shown in Figure 17, you can resize the widths of each column. To do this, follow these steps: 1 Place the cursor over the line separating the column you want to resize from the column to its right. 2 Click and hold the left mouse button to “grab” the column separator. 3 Drag the separator until the column is are the desired width. 84 EPICenter Software Installation and User Guide Navigating the EPICenter Applications Sorting Columns You can sort the rows of a columnar display according to the contents of any individual column. • To sort the rows, click on the column heading you want to use as the sort criteria. Click once to sort in ascending order; click a second time to reverse the sort order. In most applets, the column that is currently being used as the sort criteria is indicated with a small triangle in the the column heading cell. The direction of the triangle (facing up or facing down) indicates whether the sort is ascending or descending. Applet Function Buttons For most EPICenter applets, stand-alone buttons at the top of the applet frame provide access to the functions provided by the current applet. Each button invokes a pop-up dialog box for the function, as shown in Figure 18. NOTE If you have Monitor access, some or all of the buttons in a given applet are not available to you. For example, in the VLAN Manager, a user with Monitor access can view information about the components in the Component Tree, but cannot Add, Delete, or Modify VLANs, or perform any port configurations. Figure 18: Pop-up dialog box for adding a VLAN in the VLAN Manager A dialog box can contain the following types of fields: • Page tabs, such as the Properties & Port and IP Forwarding tabs in Figure 18. These are used when there are multiple pages of settings for a specific function. Clicking a tab displays its page. • Text fields, such as the VLAN Name field in Figure 18. Enter text or numbers by clicking in the field and then typing. To clear a value from a text field, highlight the value with the cursor and press the Del or Backspace key on the keyboard. You can also highlight the value and just type a new value over the old one. EPICenter Software Installation and User Guide 85 Starting EPICenter • Drop-down menu fields, such as the Protocol Filter field in Figure 18. Click in the field to drop down a menu of choices, then click on your selection to enter the value into the field. • List box fields, such as the Available Switches field in Figure 18. Click to highlight a value in the field. Click again to unselect a value. If there are more entries in the list than can be displayed in the box, a scrollbar is provided at the right side of the field. Some list boxes allow multiple selections. Simply click on multiple items to select them. You can also use [Shift]-click to select the first and last items in a group of contiguous items; all the items between your first and last selection will be highlighted. To have the settings you’ve entered take effect, many dialog boxes provide an Apply button. This saves the settings on the page you are viewing, but the dialog box remains open so you can make additional changes or change the settings on one of the other pages. For example, you can specify a new VLAN on the Properties & Ports page as shown in Figure 18, click Apply to commit those settings, then display the IP Forwarding settings and make changes on that page. Other dialog boxes may provide a button that executes the function of the dialog, such as Add, or Delete. Like the Apply button, these often perform the function but leave the dialog box open so you can perform additional operations. Most dialog boxes also provide a Close button you can use to exit the dialog box when you are finished. In addition, most dialog boxes provide a Reset button. This typically restores the dialog box to the state it was in when it was invoked, clearing any selections on the screen and resetting the data to the current information from the EPICenter database. Printing from EPICenter Printing is not supported in most of the EPICenter applets. The exceptions are the RT Stats and Topology applets, which each provide a print function, and the HTML-based reports (the Network Summary report and the Reports described in Chapter 17. You can print the HTML reports using the browser print button. However, you should click in the panel where the report is displayed to ensure that only that panel will be printed. If you print without doing this, the Navigation Toolbar may not be refreshed, and you will need to refresh the client manually. 86 EPICenter Software Installation and User Guide 4 Using the Inventory Manager This chapter describes how to use the EPICenter Inventory Manager applet for: • Viewing the EPICenter device inventory • Discovering network devices • Adding network devices to the EPICenter database • Modifying device contact parameters • Deleting a device from the EPICenter database • Updating device information in the database • Creating default access parameters for network devices • Finding specific network devices in the database • Displaying device and device group parameters Overview of the EPICenter Device Inventory The Inventory Manager applet keeps a database of all the network devices managed by EPICenter. EPICenter can discover any devices running MIB-2 compatible agents. It can manage Extreme switches, and a number of third-party devices. The EPICenter software provides an automatic discovery function. This feature can discover Extreme and MIB-2 compatible devices by specific IP address or within a range of IP addresses. You can also add network devices to the EPICenter database manually, using the Inventory Manager Add function. Once a network device is known to the EPICenter database, you can assign it to a specific device group, and configure it using the Inventory Manager, VLAN Manager, Configuration Manager, Interactive Telnet, ExtremeView, or the optional Policy Manager. You can receive alarms about faults on the device, and you can view a hierarchical topology layout of the devices known to the Inventory Manager. Any EPICenter user can view status information about the network devices currently known to EPICenter. Users with Administrator or Manager access can run Discovery, and add devices to or delete devices from the list of managed devices in the database. These users can also explicitly refresh the information in the database related to the devices that the EPICenter is managing. EPICenter Software Installation and User Guide 87 Using the Inventory Manager Device Groups Devices in the EPICenter are organized into one or more device groups. A device group is a set of network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building 2, first floor, second floor) or by functional grouping (engineering, marketing, finance) or by any other criteria that makes sense within the managed network environment. An individual device can belong to multiple device groups. For example, a device could simultaneously be a member of Building 1, Marketing, and Edge Switches. Using device groups, you can monitor and maintain devices by group membership, instead of individually. All devices become members of a device group when they are added to the EPICenter database, either through Add Devices or as a part of the Discovery process. By default, devices are added to the device group “Default,” if you do not specify otherwise. A device may then be copied or moved to another device group, as appropriate. Gathering Device Status Information EPICenter retrieves information about the devices it manages in several ways: • EPICenter uses SNMP polling for the IP addresses specified in a Discovery request to retrieve the status information needed by the various EPICenter applets. • When a switch is added manually to the EPICenter database, EPICenter uses SNMP to retrieve status information needed by the various EPICenter applets. • Extreme switches send SmartTraps to EPICenter whenever a change occurs in a switch status variable in which the EPICenter has registered interest. These include changes to operating variables as well as configuration changes made through other management entities such as the switch command line interface or ExtremeWare Vista. These traps are based on a set of SmartTraps rules that the Inventory Manager creates on the switch when it is added to the switch inventory. The rules tell the switch what events or changes EPICenter wants to be notified about. The rules are created on the switch using SNMP. EPICenter also adds itself on the switch as a trap receiver. The switch uses the SmartTraps rules to determine what traps to send to EPICenter. When EPICenter receives a trap from a switch, it then polls the switch for detailed status information. • EPICenter polls every network device periodically (approximately every five minutes by default) to update basic switch status, which is a subset of the status and configuration information kept in the database. This poll interval is set globally for all devices being managed by the EPICenter server, and can be changed through the Server Properties settings in the Administration applet. See “Server Properties Administration” in Chapter 16. • The EPICenter server polls each device periodically for detailed status information. This is done much less frequently than the basic status polling—by default, once every 30 minutes for core (chassis) devices, and once every 90 minutes for edge devices. In EPICenter 4.1, the default is 90 minutes for both the core and edge devices. This poll interval can be set individually for devices through the Modify Device interface in the Inventory applet (see the discussion “Modifying a Device” on page 104). • A user with Administrator or Manager access can use the Sync command from the Inventory Manager. Sync is a manual update of the regular data gathering mechanisms, for use when the users believes that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. During a Sync operation the SmartTraps rules are also reset in case the user has accidentally deleted the trap receiver or any SmartTrap rules. 88 EPICenter Software Installation and User Guide Displaying the Network Device Inventory Displaying the Network Device Inventory When you click the Inventory button in the Navigation Toolbar, the main Inventory Manager page appears as shown in Figure 19. Figure 19: The Inventory Manager applet, main page NOTE You must add network devices to the database using Discovery or the Add Devices function in order to make them “known” to EPICenter. Until this is done, no devices are displayed in the Inventory Manager. The Device Groups currently defined in the EPICenter database are displayed in the Component Tree in the left panel. The panel on the right shows the All Device Groups page, a list of the currently defined device groups with their descriptions. The first time you run EPICenter, there is only one device group, Default. You cannot delete or change the name of the Default device group. Click on the plus sign to the left of a Device Group name to display the list of switches that are members of that group. A red circle with a white “S” next to a device indicates that the device is not reachable through SNMP. A grey circle indicates the device is offline for maintenance. EPICenter does not attempt to communicate with a device in the offline state. EPICenter Software Installation and User Guide 89 Using the Inventory Manager The buttons at the top of the page provide the following functions: • Discover lets you find network devices by IP address or range of addresses. • Add lets you add individual devices and device groups to the database. • Delete removes a device or device group from the database. • Modify lets you change the members of a device group, or update a device’s contact parameters in the database. • Sync updates the EPICenter database with current device configuration and status information. • Default lets you create default access parameters for network devices. • Find searches for devices by name, IP address, or device type, and returns information such as the device group(s) to which the device belongs. • Help displays an on-line help page for the Inventory Manager. Viewing Device Status Information When you select a device group in the Component Tree, the panel on the right displays a summary status of the devices in the selected device group (see Figure 20). Figure 20: Inventory Manager device group summary status • The status “lights” show the status of each device as detected by EPICenter. 90 EPICenter Software Installation and User Guide Viewing Device Status Information Table 3: Inventory Manager Device Status Indicators Status Light Green Yellow Grey Red Device Status Device is up and OK. Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature. Device is offline. EPICenter will not communicate with the device. You can create references to the device for alarms, policy, groups, device groups, RMON thresholds, and so on. The network state of the device, including port status, ESRP, configured VLANs, and STP is preserved when the device comes online. Device is not responding to EPICenter status queries. This may mean that the device is down, that it is unreachable on the network, or that the SNMP parameters have changed and EPICenter can no longer contact the switch. • The name and type of the device are detected by EPICenter. • The IP address, software version, SNMP version (version 1 or version 3), device login name, and setting for SSH2 are also detected by the EPICenter discovery process. If the switch was added using the Add command, the Inventory Manager shows the values manually entered into the EPICenter database manually. Select a switch in the Component Tree on the left to display detailed configuration and status information, as shown in Figure 21. This display shows additional information that EPICenter has gathered from the switch agent. Figure 21: Inventory Manager device status information The information displayed in Figure 21 is for an Extreme switch. The ExtremeWare software running in the switch provides comprehensive status information through the Extreme MIB. Figure 22 show the information displayed for a 3Com device—a subset of the information available for an Extreme device. EPICenter Software Installation and User Guide 91 Using the Inventory Manager Figure 22: Inventory Manager information for a 3Com device Viewing Device Information from Pop-up Menus You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains the Modify, Delete, Sync, Take Offline, and Properties commands. All of the commands—with the exception of the Properties command—perform the same functions as the buttons at the top of the page, but with the appropriate device or device group displayed. The Properties command displays the attributes for a specific device group or device and Network Login/802.1x information. The device pop-up menu also contains the Alarms, Browse, EView, Statistics, Sync, Telnet, and VLANs commands. All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed. Modify The Modify function lets you change the members of a device group, or update the contact parameters for a device in the EPICenter database. To view the Modify Device display for a selected device group or device: • Right-click on the device group or device, then select Modify from the pop-up menu that appears. This opens the Modify Devices and Device Group window. If you selected a device, the Modify Devices page is displayed. If you selected a device group, the Modify Device Group page is displayed. See “Modifying Devices and Device Groups” on page 104 for details on using this feature. 92 EPICenter Software Installation and User Guide Viewing Device Status Information Delete The Delete function lets you delete devices and device groups from the EPICenter database. To view the Delete display for a selected device group: • Right-click on the device group, then select Delete from the pop-up menu that appears. This opens the Delete Devices and Device Group window. The Delete Device Group window displays the device group name and a description of the device, if available. To view the Delete display for a selected device: • Right-click on the device, then select Delete from the pop-up menu that appears. The Inventory dialog box appears and prompts you to delete the selected device. See “Deleting Devices and Device Groups from the Database” on page 109 for details on using this feature. Take Offline The Take Offline function switches the device to an offline state. While offline, EPICenter does not communicate with the device. EPICenter does not process traps or syslog messages received from a device that is in the offline state. However, you can create references to the device for alarms, policies, groups, RMON thresholds, and so on. You can also request an interactive telnet session with the device. Once you bring the device online, the network state of the device is returned and information such as port status, ESRP, VLAN configuration, STP, and so on is preserved. To take a device offline: • Right-click on the device, then select Take Offline from the pop-up menu that appears. To return the device to the online state: • Right-click on the device, then select Bring Online from the pop-up menu that appears. Device The Device functions lets you view the following information for a device: • Alarms • Browse • EView • Statistics • Sync • Telnet • VLAN Alarms. The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. See Chapter 5 for details on using this feature. EPICenter Software Installation and User Guide 93 Using the Inventory Manager Browse. The Browse function runs the ExtremeWare Vista switch management interface for the selected device. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView. The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. See Chapter 10 for details on using this feature. Statistics. The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. See Chapter 11 for details on using this feature. Sync. The Sync function causes EPICenter to poll the switch and update all configuration and status information. See “Updating Device Information” on page 111 for details on using this feature. Telnet. The Telnet function opens an EPICenter telnet window that is connected to the selected device. See Chapter 7 for details on using this feature. VLANs. The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. See Chapter 13 for details on using this feature. Properties The Properties function lets you view the attributes for a device group or a device. To view the Properties display for all device groups: • Right-click on the Device Groups component, then select Properties from the pop-up menu that appears The Device Groups Properties window appears and displays the number of device groups and the names of the device groups that are known to EPICenter. To view the Properties display for a selected device group: • Right-click on the device group, then select Properties from the pop-up menu that appears The Device Group Properties window appears and displays the attributes for the selected device group. To view the Properties display for a selected device: • Right-click on the device, then select Properties from the pop-up menu that appears The Device Properties window appears and displays the attributes for the selected device. See “Displaying Properties” on page 115 for details on using this feature. 94 EPICenter Software Installation and User Guide Discovering Network Devices Discovering Network Devices EPICenter provides an automatic Discovery function that lets you discover network devices by IP address. To discover network devices, do the following: 1 Click the Discovery button at the top of the Inventory Manager main window. The Discover Devices window, shown in Figure 23, is displayed. Figure 23: Inventory Manager Device Discovery set up window 2 Click the appropriate boxes to select the types of devices you want to include in the discovery. You can discover Extreme devices only, or all devices with MIB-2 compatible agents. 3 Specify the device address range you want to discover. You may specify the range in one of two ways: — As an IP Address with Wildcards (such as 10.203.10.* or 10.203.?.??) Valid wildcard characters are *, ?, and - (dash): * acts as a wildcard for the entire octet (0-255). ? is a wildcard for a single digit (0-9). - lets you specify a range for any octet. You can use this in more than one octet. NOTE You cannot combine the dash with another wildcard in the same octet. EPICenter Software Installation and User Guide 95 Using the Inventory Manager You can also use the IP Address with Wildcards field to specify a single IP address. Examples: — As an IP address Range (such as 10.203.10.20 to 10.203.10.45) IP Address Specification Addresses Generated 10.203.0.* polls 10.203.0.0 through 10.203.0.255 10.203.?.?? polls 10.203.0.0 through 10.203.9.99 10.203.0.1? or 10.203.0.10-19 both specify the same range: 10.203.0.10 through 10.203.0.19 10.203.0-2.10-30 polls 10.203.0.10 through 10.203.0.30 10.203.1.10 through 10.203.1.30 10.203.2.10 through 10.203.2.30 NOTE There are certain IP addresses that are reserved. You should not include these addresses in your discovery. • • • • Class A networks: 0 and 127 are reserved. Class D networks: 224 - 239 are reserved for multicasting. All addresses above 239 are reserved. 255 is reserved for broadcast datagrams for either the host or network portion of the IP address. In addition, certain host addresses may be interpreted as broadcast addresses, depending on the subnetting of your network. IP addresses are processed prior to starting the discovery, and IP addresses that contain 255's in the host portion are eliminated. This is based on the IP address as well as the subnet mask. 4 Specify (or verify) the Subnet Mask size as appropriate. The value in the Subnet Mask field is the number of bits to be masked, starting from the high-order (left-hand) octet. The default subnet mask of 24 will mask the three high-order octets. 5 Specify (or verify) the SNMP Read Community string so that EPICenter will be able to retrieve information from any SNMP version 1 devices it discovers. 6 Select Enable SNMP V3 Discovery, if devices on your network use SNMP version 3. 7 Click the New button to add the range into the Device Discovery Criteria list. 8 Repeat steps 3 through 6 to specify any additional device addresses or ranges for the discovery. 9 If necessary, you can remove an address range from the Device Discovery Criteria list at any time before you initiate the discovery by selecting the range and clicking the Remove button. You can remove all address ranges using the Reset button at the bottom of the page. 10 Click the Discover button at the bottom of the window to initiate the discovery. NOTE If a discovery request is too large, your browser may not have sufficient memory resources available to handle it. It is recommended that you break a large discovery task into multiple separate tasks. A Discovery Results window is displayed as soon as the discovery process begins, as shown in Figure 24. The panel at the bottom of the window shows the progress of the discovery and displays 96 EPICenter Software Installation and User Guide Discovering Network Devices status messages for each device it finds as it works through the set of IP addresses you have specified. Figure 24: Results of a discovery, with details visible — Click the Hide Details button at the bottom of this window to hide the detail display. — Click View Details to re-display the discovery details. When the discovery has completed, the set of discovered devices is listed in the top panel of the Discovery Results window. NOTE These devices are NOT automatically entered into the EPICenter database. You must explicitly select and add devices to the database. 11 To add devices to the EPICenter database, select individual devices or a range of devices in the Results list, and click the Add button at the bottom of the window. NOTE If you select multiple devices, make sure the devices you select have identical contact information. As part of the Add process, you will be asked for a single password that will apply to all the selected devices. If the password is specified incorrectly for any of these devices, the add will fail for those devices. 12 A window appears where you must set additional device options such as a write community string, the device group to which the devices should be added, a default device login, password, and if SSH is used (see Figure 25). If there are Cisco devices among the set being added, you must also enter a Cisco enable password. Enter or make changes to any of these fields. These options will apply to the entire set of devices you are adding. EPICenter Software Installation and User Guide 97 Using the Inventory Manager NOTE Make sure the device passwords are correct for the selected devices. If you are adding multiple devices in one operation, make sure the passwords you specify are correct for each device. A device cannot be added if the password is not correct. Figure 25: Setting default device options for discovered devices 13 Click the SNMP tab to configure SNMP settings (see Figure 26). Figure 26: Setting SNMP default device options for discovered devices 14 Click OK to proceed with the Add process. A message window (shown in Figure 27) appears to show you the progress of the Add command. 98 EPICenter Software Installation and User Guide Discovering Network Devices Figure 27: Message window showing Add Device progress Devices are listed followed by a small purple rotating clock icon progress. while the add function is in • When a device has been successfully added, the clock turns into a green checkbox • If the device cannot be added, the clock turns into a red X in the checkbox is displayed in red. . and the device name The indicators just below the tree area of the window show the number of devices currently in each state. To see the messages related to an Add function (either successful or unsuccessful), select a device in the list. The messages related to the device are displayed as lines under the device node, as shown in Figure 28. • Click the plus sign at the left of the device name to display server messages related to adding the device. • Click the minus sign at the left of the device to hide the server messages. • The up and down arrow buttons let you move up and down the device tree, displaying the server messages associated with each device. • If you check the Errors Only box, the up and down arrow buttons will expand only devices that had errors. • The Collapse All button collapses all the device nodes, hiding all the server messages. EPICenter Software Installation and User Guide 99 Using the Inventory Manager Figure 28: Message window showing errors from the Add Device process CAUTION If you close the Discovery Results window without adding devices, the results for devices not already in the EPICenter database are lost. You must perform a discovery again to regenerate information on those devices. After the Add has finished, the Discovery Results window is re-displayed. You can select more devices and specify a different set of Inventory Device Options, and add those devices to the Inventory Manager. Adding Devices and Device Groups Users with Administrator or Manager access can add devices to the EPICenter database, and create Device Groups. If you have Monitor access only, you may not use this function. Adding a Device 1 Click the Add button at the top of the Inventory Manager main window. Select the appropriate tab to display the basic information in the Add Device window, as shown in Figure 29. 100 EPICenter Software Installation and User Guide Adding Devices and Device Groups Figure 29: Add Device window in the Inventory Manager 2 Enter the device IP address that EPICenter uses to access the switch. You may also enter a DNS-resolvable host name in place of the Switch IP address. 3 Enter the device login, contact password, and device poll interval in the appropriate fields. These are the parameters that EPICenter uses to access the switch. The default setting for the device poll interval is 30 minutes for an Extreme modular chassis and 90 minutes for an Extreme stackable chassis. 4 Enter the Cisco Enable Password is used if this device is a Cisco device. If the device is not a Cisco device, this field is grey. 5 If EPICenter is going to use SSH2 for secure Telnet sessions, select SSH Enabled in the Use SSH field. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. 6 Select the device group to which this device should belong. Default is the default group for managed devices. NOTE To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide. To configure SNMP information for the device, click the SNMP tab, as shown in Figure 30. EPICenter Software Installation and User Guide 101 Using the Inventory Manager Figure 30: SNMP tab for Add Device window 1 Select the SNMP version from the SNMP Version pull-down menu. 2 If the device is using SNMP version 1, enter the SNMP read and write community strings in the appropriate fields. 3 If the device is using SNMP version 3, select the following: SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the authentication password. 4 To clear the contents of the fields and reset them to their default values, click Reset. 5 To add the new device to the database, click Add. When you click Add, the Inventory Manager adds the devices to the database. It makes a set of SNMP requests to retrieve data that is needed from the devices by EPICenter applets. If the device is an Extreme switch, it also creates a set of SmartTraps rules that tell the switch what status and configuration changes are of interest to EPICenter. Creating a Device Group Device groups are sets of managed network devices that have something in common, and that can be managed as a group. For example, devices might be grouped by physical location (Building 1, Building 102 EPICenter Software Installation and User Guide Adding Devices and Device Groups 2, first floor, second floor), by department (engineering, marketing, finance), or by any other criteria that makes sense within the managed network environment. All devices become members of a device group when they are added to the EPICenter database, either through Add Devices or as a part of the Discovery process. A device may then be copied or moved to another device group as appropriate. To create a new device group, follow these steps: 1 Click the Add button at the top of the Inventory Manager main window. Select the appropriate tab to display the Device Groups window, as shown in Figure 31. Figure 31: Add Device Group window in the Inventory Manager 2 Type a name for the device group into the Device Group Name field, and a description (optional) into the Device Group Description field. 3 To add a device to the selected device group, perform one of the following steps: a To move a device to the selected device group, select one or more devices in the Available Devices list and click Move ->. The Move button removes the device from the original device group and adds it to the new device group. b To have the device belong to the original device group and the new device group, select one or more devices in the Available Devices list and click Copy ->. c The same device can be moved from several groups to the new group. Select each row for the device and click Move ->. The Device Group column in the included devices list shows the Device Group from which the device originated. EPICenter Software Installation and User Guide 103 Using the Inventory Manager 4 To remove a device from the new device group, select one or more devices in the Included Devices list, and click <- Remove. The device(s) will be moved from the selected device group and return to any device groups from which it was moved. 5 Repeat steps 3 and 4 until you have included all the devices that should be members of this device group. 6 To add the newly created device group to the database, click the Add button at the bottom of the window. If you have added a device to more than one device group, the Available Devices list displays a separate entry for each device group to which the device belongs, as shown in Figure 32. Figure 32: Device belonging to multiple device groups in Add Device Groups window Modifying Devices and Device Groups You can use the Modify function to modify the access parameters for an individual device, or to add and delete members of a device group. Users with Administrator or Manager access can modify device contact information and device groups. If you have Monitor access only, you cannot use this function. Modifying a Device You can begin the modify function using the Modify button on the toolbar, or by selecting a device in the Component Tree, right-clicking to display the pop-up menu, and selecting Modify. 104 EPICenter Software Installation and User Guide Modifying Devices and Device Groups To modify the contact information for a managed device in the database, do the following: 1 Click the Modify button at the top of the Inventory Manager main page. Select the appropriate tab to display the Modify Device window, as shown in Figure 33. Figure 33: Devices tab of the Modify Devices and Device Groups window 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All Devices to view the list of all devices from all device groups. 3 Select one or more devices in the Devices list for which you want to change contact information. 4 Enter the changed information in the appropriate fields of the Basic tab. Device IP Address: The IP address of the selected device. Device Login and Device Contact Password: The login and password needed in order to Telnet to the device or to use ExtremeWare Vista. Device Poll Interval: Specifies how frequently the EPICenter server should poll the for detailed device information, such as software version, bootrom version, and so on. This also includes EDP and ESRP information for non-”i” series devices. To avoid a potentially large amount of polling traffic, this detailed polling is only done every 30 minutes for core (chassis) devices and 90 minutes for edge devices. The default is 90 minutes for both the core and edge devices. You can change this detailed polling interval by entering a different value in this field. NOTE Note that the Device Poll Interval set here is different from the global Poll Interval you can set in the Administration applet. The global poll interval controls the basic status polling needed to ensure SNMP reachability, and is typically done much more frequently than detailed device polling. Cisco Enable Password: Used if this device is a Cisco device. If the device is not a Cisco device, this field is grey. EPICenter Software Installation and User Guide 105 Using the Inventory Manager Use SSH: Selects if EPICenter is going to use SSH2 for secure Telnet sessions. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. NOTE To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide. Offline: Sets the device to the offline state. The device state can either be offline or online. 5 Enter the changed information in the appropriate fields of the SNMP tab, as shown in Figure 34. Figure 34: SNMP tab of the Modify Devices and Device Groups window SNMP Version: The version of SNMP (version 1 or version 3) that EPICenter uses to access the device. SNMP Read Community String and SNMP Write Community String: Can be modified if the device is using SNMP version 1. WARNING! If you change the community string for a device so that it no longer matches the string configured in the device, EPICenter will no longer be able to communicate with the device. For Extreme devices, EPICenter will display an error message, but it will not necessarily do so for third-party devices. To avoid this problem, change the community string on the device first, then change it in EPICenter. SNMP V3 User Name: The principal name used for SNMP V3 authentication and security. 106 EPICenter Software Installation and User Guide Modifying Devices and Device Groups SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the authentication password. 6 Click Modify to add the changed information to the EPICenter database. 7 Click Close to cancel the Modify process. 8 Click Reset to reset the values to their defaults. Modifying a Device Group Devices are always a member of a device group; devices not explicitly assigned to another device group are members of the Default device group. This has two effects related to modifying device groups: • When devices are removed from all other device groups, they are automatically added to the Default device group. • Devices cannot be removed from the Default device group using the Remove button in the Modify dialog. To remove a device from the default device group, you must move it to another device group. You can begin the modify function using the Modify button on the toolbar, or by selecting a device group in the Component Tree, right-clicking to display the pop-up menu, and selecting Modify Device Group. To add or remove devices in a device group, do the following: 1 Click the Modify button at the top of the Inventory Manager main page. Select the appropriate tab to display the Modify Device Group window, as shown in Figure 35. EPICenter Software Installation and User Guide 107 Using the Inventory Manager Figure 35: Device Groups tab of the Modify Devices and Device Groups window 2 Select the device group you want to modify. The Included Devices list displays the devices that are currently members of this group. The Available Devices list displays the other devices known to EPICenter, and their current device group membership. 3 To change the name or description of the group, type the new text into the Device Group Name and Description fields. 4 To add a device to the selected device group, perform one of the following steps: a To move a device to the selected device group, select one or more devices in the Available Devices list and click Move ->. The Move button removes the device from the original device group and adds it to the new device group. b To have the device belong to the original device group and the device group being modified, select one or more devices in the Available Devices list and click Copy ->. 5 To remove a device from the device group, select one or more devices in the Included Devices list, and click <- Remove. The device(s) will be moved from the selected device group. If the selected device group is the only group to which the device belongs, the device is returned to the Default device group. Because devices not otherwise assigned are members of the Default device group, you cannot remove devices from the Default device group. Devices are removed from the Default device group only when they are moved to another device group or deleted from inventory. 6 Repeat steps 4 and 5 until you have included all the devices that should be members of this device group. The Reset button will undo all your add and remove actions, and return both the Available Devices and Included Devices lists to the state they were in when you started the Modify command. 7 To replace the modified device group in the database, click the Modify button at the bottom of the window. 108 EPICenter Software Installation and User Guide Deleting Devices and Device Groups from the Database Deleting Devices and Device Groups from the Database Users with Administrator or Manager access can delete devices and device groups from the EPICenter database. If you have Monitor access only, you cannot access this function. Deleting a Device You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device. To delete a device from the EPICenter database, follow these steps: 1 Click the Delete button at the top of the Inventory Manager main page. Select the appropriate tab to display the Delete Devices window (see Figure 36). Figure 36: Devices tab of the Delete Devices and Device Groups window 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All Devices to view the list of all devices from all device groups. 3 Select one or more devices in the Devices list, and click Delete. 4 Click OK to confirm that you want to delete the device information from the database. Deleting an online device removes the information about the device from the EPICenter database. This means that the device can no longer be monitored and managed from the EPICenter application. If the device is an Extreme switch, deleting it removes any SmartTraps rules, both from the database and the switch change table. It also removes all information about VLANs, QoS Policy, and Virtual Chassis connections associated with this switch from the EPICenter database. EPICenter Software Installation and User Guide 109 Using the Inventory Manager If the device is offline, the device is removed from inventory. The Smart Trap entries on the device are not removed. NOTE Deleting a device from EPICenter has no effect on the configuration of the device itself, other than altering the trap receiver table. Deleting a Device Group You can begin the delete function using the Delete button on the toolbar, or by selecting a device in the Component Tree, right-clicking to display the pop-up menu, and selecting Delete Device Group. To delete a device group from the EPICenter database, follow these steps: 1 Click the Delete button at the top of the Inventory Manager main page. Select the appropriate tab to display the Delete Device Groups window (see Figure 37). Figure 37: Device Groups tab of the Delete Devices and Device Groups window 2 Select one or more device groups in the Device Groups list, and click Delete. 3 Click OK to confirm that you want to delete the device group information from the database. Devices in the deleted device group that are not members of another group are automatically returned to the Default device group. 110 EPICenter Software Installation and User Guide Updating Device Information Updating Device Information Occasionally, you may want to update the configuration and status information for one or more devices in the EPICenter database. The Sync operation is a manual update you can use if you believe that the device configuration is not correctly represented in EPICenter applets. It updates all information for a selected set of devices, except for the contact information. If you have Administrator or Manager access to EPICenter, you can perform a Sync. If you have Monitor access only, you can not use this function. You can begin the synchronize function using the Sync button on the toolbar, or by selecting a device or device group in the Component Tree, right-clicking to display the pop-up menu, and selecting the Sync command. To refresh the configuration and status information, follow these steps: 1 Click Sync at the top of the Inventory Manager page. The Synchronize Devices dialog, shown in Figure 38, is displayed, listing the devices in the EPICenter database. Figure 38: Synchronize Devices dialog 2 To select a device from a specific device group, select the device group from the pull-down list in the Filter by Device Group field. Select All Devices to view the list of all devices from all device groups. 3 Select one or more devices in the Device list. 4 Click Reset at any time prior to initiating the Sync to deselect all device selections and start over. 5 Click Sync to initiate the synchronization process. The Inventory Manager uses SNMP to retrieve configuration and status information from each selected switch, and updates the database with that information. EPICenter Software Installation and User Guide 111 Using the Inventory Manager 6 The Sync function displays a dialog box with status or error information. Click OK to continue. NOTE Offline devices display a warning and are not synchronized. Configuring Default Access Parameters The Default button allows you to configure a set of default access parameters for network devices you have not yet discovered. After you configure the default access parameters, the network devices you discover and add to the EPICenter database will have these default parameters. 1 Click the Default button at the top of the Inventory Manager main window. The Configure Defaults window, shown in Figure 39, is displayed. Figure 39: Configure Defaults window, Basic tab 2 Enter or make changes to any of the Basic fields. These options will apply to future network devices that you add to the EPICenter database. Device Login and Device Contact Password: The login and password needed in order to Telnet to the device or to use ExtremeWare Vista. Cisco Enable Password: Used if this device is a Cisco device. If the device is not a Cisco device, this field is grey. Use SSH: Selects if EPICenter is going to use SSH2 for secure Telnet sessions. SSH2 must be configured on the device in order for an SSH2 session to be established between EPICenter and the device. 3 Click the SNMP tab to enter or make changes to any of the SNMP fields, as shown in Figure 40. These options will apply to future network devices that you add to the EPICenter database. 112 EPICenter Software Installation and User Guide Configuring Default Access Parameters Figure 40: Configure Defaults window, SNMP tab SNMP Read Community String and SNMP Write Community String: The SNMP community strings for devices using SNMP version 1. SNMP V3 User Name: The principal name used for SNMP V3 authentication and security. SNMP V3 Privacy Protocol: Specifies the SNMP V3 privacy protocol. Select either No Privacy or CBC DES Privacy. SNMP V3 Privacy Password: If the device is using CBC DES Privacy, enter the privacy password. SNMP V3 Authentication Protocol: Specifies the SNMP V3 authentication protocol. Select No Authentication, MD5 Authentication, or SHA Authentication. SNMP V3 Authentication Password: If the devices is using SNMP V3 Authentication, enter the authentication password. 4 Click Reset to clear the contents of the fields and reset them to their default values. 5 Click Save to save your changes to the EPICenter database. A message window (shown in Figure 41) appears to show you the progress of the Save command. Figure 41: Message window showing Save progress 6 Click OK to return to the Configure Defaults window. 7 Click Close to exit the Configure Defaults window. If you make changes to the access parameters and you do not save those changes, the Inventory dialog box (shown in Figure 42) appears. From the Inventory dialog box, you can apply or not apply the changes you made, or you can cancel out of the dialog box. EPICenter Software Installation and User Guide 113 Using the Inventory Manager Figure 42: Inventory dialog box Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the Inventory Manager page. The Find Devices dialog, shown in Figure 43, is displayed. Figure 43: Find Devices dialog 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific device group, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field. You can use the wild card characters * or ? in your search criteria. * acts as a wildcard for an entire octet (0-255) 114 EPICenter Software Installation and User Guide Displaying Properties ? is a wildcard for a single digit (0-9) — A device group. Select the device group from the drop-down menu in the device group field. If you do not specify a name or IP address in the Search field, all devices in the device group you select will be found. — A device type. Select the device type from the drop-down menu in the type field. If you do not specify a name or IP address in the Search field, all devices of the type you select will be found. 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the device group in which the device can be found, its name, IP address, and the type of device. There is one entry for each device or device group combination. 4 Double-click on a device in the results table to highlight the device in the Component Tree, or select a device in the results table and click OK, to display the associated status information for that device (see “Viewing Device Status Information” on page 90). If you click OK, the search window will close. 5 Click New Search to clear all search criteria. 6 Click Cancel to close the search window. Displaying Properties You can view the properties of a device group or a device in the EPICenter database. This section describes how to view the device group properties and the device properties. All Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display (see Figure 44). EPICenter Software Installation and User Guide 115 Using the Inventory Manager Figure 44: Device Groups Properties for all Device Groups The Device Groups Properties window displays the following information: • Count—The number of device groups known to EPICenter There is also a table which contains the following columns: • Device Group—The name(s) of the device group(s) known to EPICenter • Description—A description of each device group known to EPICenter You can also view properties for a specific device group. To view properties for a specific device group, right-click on a device group in the Component Tree and select Properties from the pop-up menu. The Device Group Properties window appears, showing information about the selected group (see Figure 45). 116 EPICenter Software Installation and User Guide Displaying Properties Figure 45: Device Group Properties for an individual device The Device Group Properties window displays the following information: • Device Group—The name of the device group • Description—A description of the device group • Count—The number of devices in the device group There is also a table which contains the following columns: • Device—The name of the devices that are members of this device group • IP Address—The IP addresses of the devices that are members of this device group Device Properties To view properties for a device, right-click on a device in the Component Tree and select Properties from the pop-up menu that appears. The Device Properties window opens, as shown in Figure 46. EPICenter Software Installation and User Guide 117 Using the Inventory Manager Figure 46: Device Properties window The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. 118 EPICenter Software Installation and User Guide Displaying Properties The VLAN Tab The VLAN tab lists the VLANs configured on the device. This window shows the following information about the VLANs on the device: VLAN VLAN name Tag VLAN tag Protocol Protocol filter for the VLAN IP Address IP address of the VLAN Subnet Mask Subnet Mask for the VLAN QoS Profile The QoS profile configured for this VLAN ESRP Whether ESRP is configured for this device. The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. STP The STP Domain name State The domain state (Enabled or Disabled) VLAN The name of the VLAN participating in this domain Tag The 802.1Q tag of one of the wholly-contained VLANs in the domain. Root Indicates whether this device is currently the STP root bridge for this domain (Yes or No). No. of Ports The number of ports on this bridge participating in this VLAN in this domain. Will be N/A if the STP domain is disabled on this VLAN. NOTE A device must be running ExtremeWare 6.2.2 or later in order for EPICenter to access STP information for the device. Devices running earlier versions of ExtremeWare may have STP configured, but EPICenter will not be able to provide information about the configuration. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. Port The port on the device on which the user is logged in. User Name The name of the user. IP Address The IP address of the user’s host. Login Type The login type, either network login or 802.1x. MAC Address The MAC address of the user’s host. VLAN The VLAN to which the port belongs. EPICenter Software Installation and User Guide 119 Using the Inventory Manager The Syslog Messages Tab The Syslog Messages tab lists information about the last 500 Syslog Message received from the device. Time The time that the message was received. Severity The severity level of the message. Severity levels include the following: • 0—Emergency • 1—Alert • 2—Critical • 3—Error • 4—Warning • 5—Notice • 6—Information • 7—Debug Facility The Syslog facility reporting the message. Message The text of the message. Syslog messages are stored along with traps in the event log. The EPICenter server keeps a minimum of 10days of event history. The event log can be a maximum of 30 MB per file and uses two rotating archive files. If you want to retain historical even log records, you should backup the event log. 120 EPICenter Software Installation and User Guide 5 The EPICenter Alarm System This chapter describes how to use the EPICenter Alarm System applet for: • Viewing the alarms that have occurred • Defining new alarms and modifying current alarm definitions • Configuring threshold-based alarms • Configuring EPICenter as a trap receiver • Configuring EPICenter as a syslog receiver Overview of the EPICenter Alarm System The EPICenter Alarm System provides fault detection and alarm handling for the network devices monitored by EPICenter. This includes Extreme Networks devices and some third-party devices—those that EPICenter can include in its Inventory database. The Alarm System provides a set of predefined, enabled alarms that will immediately report conditions such as authentication or login failures, device problems such as power supply or fan failures, reachability problems, or device reboots. The Alarm System also lets you define your own alarms that will report errors under conditions you specify, such as repeated occurrences or exceeding threshold values. You can specify the actions that should be taken when an alarm occurs, and you can enable and disable individual alarms. Fault detection is based on Simple Network Management Protocol (SNMP) traps, syslog messages, and some limited polling. The Alarm System supports SNMP Management Information Base-2 (MIB-2), the Extreme Networks private MIB, Remote Monitoring (RMON) traps, and selected traps from other MIBs. When an alarm occurs you can specify actions such as sending e-mail, running a program, running a script, or sounding an audible alert. For convenience, the EPICenter Alarm System provides a number of predefined alarms. These alarms are enabled by default and are active as soon as the EPICenter server starts up. These include the following alarms: • Authentication failure (SNMP MIB-2 trap) • Invalid login (Extreme proprietary trap) • Redundant Power Supply (RPS) alarm condition (Extreme proprietary trap) • ESRP state change (Extreme proprietary trap) • SNMP unreachable (EPICenter event) EPICenter Software Installation and User Guide 121 The EPICenter Alarm System • Configuration upload failure for an upload attempted from the EPICenter system (EPICenter event) • Overheat (EPICenter event) • Fan failure (EPICenter event) • Device reboot (EPICenter event) • Health Check Failed (Extreme proprietary trap) • Device Warning from EPICenter (EPICenter event) • Power Supply Failed (EPICenter event) NOTE When Extreme Networks devices are added to the EPICenter Inventory database, they are automatically configured to send traps to the EPICenter server. To receive traps from non-Extreme Networks devices, you must manually configure the devices to send traps to the EPICenter server. To receive syslog messages from an Extreme Networks device, EPICenter must be configured as a syslog receiver on the device. See “Configuring EPICenter as a Syslog Receiver” on page 153 for more information. Not all trap events are supported in older versions of the ExtremeWare software. Please refer to Appendix C for information on the switch software required for specific traps. The Alarm Log Browser Click the Alarm button in the Navigation Toolbar to run the Alarm System applet and view the Alarm Log Browser. The Alarm button (icon) acts as an alarm indicator — if it is displayed in red instead of black, it indicates that at least one new alarm has occurred. 122 EPICenter Software Installation and User Guide The Alarm Log Browser The Alarm Log Browser page appears, as shown in Figure 47. Figure 47: The Alarm Log Browser page Predefined filters Alarm System module tabs New alarm indicator Current filter definition Alarm summary Acknowledged alarms The Alarm Log Browser page displays a summary of the alarms that have occurred, optionally filtered based on criteria you can specify. An alarm can be generated due to an SNMP or RMON trap, a syslog message, or based on the results of a poll. By default, the predefined alarms are all enabled; therefore, you may see alarm log entries the first time you run the Alarm System, even if you have not defined any alarms of your own. The Alarm Log Browser summary displays the following information for each alarm instance: • ID — An integer number assigned by the EPICenter Alarm System based on the order in which the alarm occurred • Name — A name for the alarm, provided when the alarm is defined • Category— An optional user-defined classification that defaults to “Default” • Severity — The severity level associated with the alarm when it was defined • Source — The IP address of the device that generated the trap or responded to a poll • Time — The date and time at which the alarm was received • Message — The message generated by the alarm • Acked — A green check will be present in this column if the alarm has been acknowledged EPICenter Software Installation and User Guide 123 The EPICenter Alarm System The summary is initially sorted by ID in descending numerical order, so that the most recent alarm appears at the top of the list. You can sort the display by the contents of any column by clicking on the column heading. Click the heading a second time to reverse the sort order based on that column. Acknowledging an Alarm To acknowledge an alarm: 1 Select the alarm or alarms you want to acknowledge. 2 Click the Acknowledge (Ack) button at the top of the page. This sets the state of the selected alarms to “acknowledged,” and places a green check in the Acked field of the selected alarm log entries. When you acknowledge the most recent alarm, the state of the Alarm button in the EPICenter Navigation Toolbar also returns to black. You can “unacknowledge” alarms, if needed, by selecting the alarms and clicking the Unack button. The Ack or Unack operation may take a few seconds to update the database. When the update is complete, the rows are deselected. Deleting Alarm Log Entries To delete an alarm log entry: 1 Select the alarm entry or entries you want to delete. 2 Click the Delete button at the top of the page. This removes the selected alarm log entries entirely from the EPICenter database. Deleting Groups of Log Entries You can also delete groups of alarm log entries based on specific filtering criteria that you set, such as all entries in a certain timeframe, all entries for selected devices, and so on. To delete a group of alarm entries, click the Delete alarms with specified conditions button at the top of the page. The Delete alarm records with specified conditions window opens, as shown in Figure 48. 124 EPICenter Software Installation and User Guide The Alarm Log Browser Figure 48: Delete alarm records filter definition window In this window you can define a filter — a set of conditions — to use to evaluate whether an alarm record should be deleted. See “Deleting Groups of Log Entries” on page 124 for more detailed information. To create a delete filter, do the following: 1 If the “View last 300 alarms” check box is checked, the remaining fields will be greyed-out. Uncheck the check box to enable the other fields. 2 Select the parameter you want to use as a filter criterion from the pull-down menu in the Field field. 3 Select an operator using the pull-down menu in the Operator field. 4 Enter the value (or values) against which the parameter should be tested. If you have chosen the Between operator (available for Log ID, Source IP, and Port IfIndex) you will be asked to enter two values. For some parameters you can select values from a drop-down list. For a more detailed explanation of defining a filter condition. see “Filtering the Alarm Display” on page 126. 5 Click the Add/Modify Condition button to add this specification to the filter definition. You can create a multi-criteria specification using more than one parameter, as shown in Figure 48, as long as each parameter is different. You cannot filter using multiple specifications of the same parameter. For example, in order to delete alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must do this in two operations. 6 To remove an individual criteria, select it in the current filter list and click the Remove Condition(s) button. You can select and remove multiple filter criteria. 7 When your filter definition is complete, click Delete. The alarm records that meet the conditions are deleted. EPICenter Software Installation and User Guide 125 The EPICenter Alarm System If you simply want to delete that last 300 alarms, leave the “View last 300 alarms” box checked, and click Delete. Viewing Alarm Details To view the details of an individual alarm: 1 Select the alarm you want to view. 2 Click the Detail button at the top of the page, or double-click on the alarm entry in the log. The Alarm Log Detailed Views displayed, as shown in Figure 49. Figure 49: Detailed view of an Alarm Log entry This displays detailed information for the selected alarm. From this window you can view details for other alarms: • Enter or select an Alarm ID in the Go to alarm field. • Click the Next button to view the next alarm down in the list (the next earlier alarm based on the default sorting order). • Click the Previous button to view the next alarm higher in the list (the next later alarm based on the default sorting order). Filtering the Alarm Display The alarms you see in the Alarm Log browser are displayed based on a filtering criteria. The default criteria is to display the last 300 alarms from the EPICenter database (assuming you invoked the Alarm browser from EPICenter’s Navigation Toolbar). You can select other filters from the pull-down field at the top of the alarm summary display. There are three predefined filters based on time: “7 days ago,”, Last 24 hours,” and “Yesterday.” 126 EPICenter Software Installation and User Guide The Alarm Log Browser If you invoke the Alarm Browser from the Topology applet (using the pop-up menu for a specific node) the default filter is set to filter on the Source IP of the node you selected. You can create your own filters based on criteria such as Source IP, Severity, Alarm Name, LogID, and a number of others. You filter can combine multiple criteria. To specify your own filter, click the Filter button at the top of the page. The Define Alarm Log Filter window is displayed, as shown in Figure 50. Figure 50: Alarm Log filter definition window The Define Alarm Log Filter window opens displaying either the last filter definition you created, or the default filter (View last 300 alarms). To create your own filter, do the following: 1 Click the New button to clear the previous filter definition. If, the View last 300 alarms check box is checked, this will uncheck it and enable the other fields in the window. 2 Select the parameter you want to use as a filter criterion from the pull-down menu in the Field field. 3 Select an operator using the pull-down menu in the Operator field. 4 Enter the value (or values) against which the parameter should be tested. The criteria you can specify are as follows: • Log ID: An integer. You can test equality relationships (equal, not equal, greater than. less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between you are asked to enter two values. • Alarm Name: Text string. You can select an alarm name from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains). The Contains operator lets you match against a substring (portion of text) that should be contained in the parameter value. EPICenter Software Installation and User Guide 127 The EPICenter Alarm System • Category: Text string. You can select a category from the drop-down list in the Value field, or enter a text string. You can test for an exact match or non-match, or a substring (Contains). • Severity: An alarm severity level. You must select a severity level from the drop-down list in the Value field. You can test for an exact match or non-match. • Source IP: IP address. Can test for exact match or non-match, or for a range (Between). If you choose Between you are asked to enter two values. You cannot match on a subnet. • PortIfIndex: An integer. Can test equality relationships (equal, not equal, greater than. less than, greater than or equal, less than or equal) or for a range (Between). If you choose Between you are asked to enter two values. • Time: You must select a time period from the drop down list in the Value field. Criteria include periods such as Last 1 Hour, Yesterday, 2 Days Ago, etc. The filter will match all alarms within the time period. • Acked: Tests for Yes (matches all Acknowledged alarms) or No (matches all unacknowledged alarms). 5 Click the Add/Modify Condition button to add this specification to the filter definition. You can create a multi-criteria specification using more than one parameter, as shown in Figure 48, as long as each parameter is different. You cannot filter using multiple specifications of the same parameter. For example, in order to find and view alarms for IP addresses 10.205.0.55 and 10.205.0.61, you must use the Between operator to test for all Source IP addresses between these two IP addresses. You cannot create a filter that includes both Source IP = 10.205.0.55 and Source IP = 10.205.0.61. 6 To remove an individual criteria, select it in the current filter list and click the Remove Condition(s) button. You can select and remove multiple filter criteria. 7 When your filter definition is complete, you can save it as a named filter, or you can just apply it to the Alarm Log without saving it. To save it, click Save, and enter a name into the dialog box that appears. 8 To apply the filter to the Alarm Log summary, click OK. This filters the display based on the criteria you defined. You do not need to save the filter before you do this. If you do not save the filter definition before you apply it to the Alarm Log, you can re-open the Define Alarm Log Filter window and save it then. The filter definition will be retained in the Define Alarm Log Filter window until you either crete another filter definition, or exit the Alarm System applet. To restore the default filter definition, click the View last 300 alarms check box and click OK. Deleting Alarm Log Filters You can delete any saved alarm log filters except for the default filter. To delete a filter, do the following: 1 Click the Delete saved alarm log filters button. This opens the Delete Filters window. 2 Select the filter you want to delete, and click OK. 128 EPICenter Software Installation and User Guide Defining Alarms Pausing All Alarms You can temporarily stop the processing of all enabled alarms using the Pause/Resume feature. Click Pause paused. to stop processing enabled alarms. EPICenter ignores all traps when its alarms are To resume processing traps, click Resume . Defining Alarms For convenience, the EPICenter Alarm System provides a number of predefined alarms. These alarms are all enabled by default and are active as soon as the EPICenter server starts up. The predefined alarms generate alarm log entries upon occurrence, but no other actions are specified. You can modify the predefined alarms, or define additional alarms based on a fairly large number of events. To view the current alarm definitions, to create new definitions, or to modify existing definitions, click the Alarm Definition tab at the top of the page. The Alarm System: Alarm Definition page is displayed, as shown in Figure 51. Figure 51: Alarm System: Alarm Definition page To view the settings for an individual alarm, select the alarm. Its definition appears in the fields below the alarm list. For a definition of the fields in the top portion of the alarm definition, see the section “The Basic Alarm Properties” on page 130. EPICenter Software Installation and User Guide 129 The EPICenter Alarm System Alarm Actions — An alarm action is a function that the alarm system executes when an alarm occurs, in addition to logging the occurrence of the alarm. By default the predefined alarms have no actions defined for them (other than logging). Alarm actions can include sending e-mail, sounding an audible alert, running a program or executing a script. For the predefined alarms, an alarm event will create an entry in the Alarm Log, but no other actions will occur. You can define additional actions for any of these alarms. Alarm Scope — Alarm scope defines which devices can trigger an alarm. The predefined alarms are scoped by default for all devices and ports. Thus, a trap received from any port or any device will trigger the corresponding alarm. You can modify the scope of any of these alarms. Creating a New Alarm Definition To create a new alarm, click the Add button at the top of the page. The New Alarm Definition window appears, as shown in Figure 52, and displays the Basic page of the three-page alarm definition. Figure 52: The New Alarm Definition window, Basic definition There are three parts to an alarm definition: the Basic definition, the Scope definition, and the Action definition. Each is represented on its own page in the New Alarm Definition window. Use the tabs at the top of the window to move between the three pages. When you are finished with your alarm definition, click OK, and the alarm will be entered into the Alarm Definition List. The Basic Alarm Properties On the Basic page, you define the event-related parameters of the alarm: its name, severity, the event that will trigger it, and so on. The fields in this window are defined as follows: • Name — The name of the alarm as it will appear in the alarm log and (optionally) elsewhere. This defines the variable alarmName • Enabled — Indicates whether the alarm is “turned on” or not. If you uncheck this box, the alarm will remain defined but will not be operational 130 EPICenter Software Installation and User Guide Defining Alarms • Category — The category assigned to this alarm. Select the category using the pull-down menu at the end of the field (see the section “Creating a New Alarm Category” on page 138 for more information). This defines the variable alarmCategory. • Severity — The severity of the alarm. Select one of the five severity levels from the pull-down menu (normal, warning, minor, major, critical). This defines the variable alarmSeverity. The severity level also determines the sound that will be played as an audible alert. • Event Type — The type of event (SNMP trap, RMON Trap Rising Alarm, RMON Trap Falling Alarm, EPICenter, or Syslog message). This determines the list of events you can select in the Event Name field. An EPICenter event is generated by EPICenter based on the results of its periodic polling. In some cases, a condition that causes an EPICenter event may also generate an SNMP or other trap. Creating an alarm triggered by an EPICenter event guarantees that the condition will eventually be detected by polling even if the corresponding trap is missed. See Appendix Efor a description of the EPICenter and SNMP events supported by the EPICenter Alarm System. Certain SNMP events require configuration on the switch in order to enable specific trap conditions. RMON events (including Port utilization, temperature, or STP topology change events) and events based on CPU utilization, are defined through the Threshold Configuration page of the EPICenter Alarm System. RMON event rules can be configured only on switches running ExtremeWare 6.1 or later. CPU Utilization rules can only be configured on switches running ExtremeWare 6.2 or later. To receive Syslog messages, the Syslog receiver function of EPICenter must be enabled, and remote logging must be enabled with EPICenter configured as a Syslog receiver on the devices from which you want to receive Syslog messages. See “Configuring EPICenter as a Syslog Receiver” on page 153 for more information. Syslog messages received from devices not managed by EPICenter are ignored. For certain other events, you must do the configuration on the switch using an SNMP configuration tool such as SNMPc. See “Configuring Other SNMP Trap Events” on page 152 for more information. The event type is concatenated with the event name to define the variable eventTypeName. • Event Name — The specific event (trap) that should trigger this alarm. Select the event from the pull-down list provided. For RMON Rising or RMON Falling trap types, the RMON rule name is used as the event name. The full-down list includes the configured RMON rule names. See Appendix E for a description of the EPICenter and SNMP events from which you can choose. The event name is concatenated with the event type to define the variable eventTypeName. • Pattern Matching on Event Data — You can specify that the alarm should be triggered only if the data provided with the event matches a specific pattern. If you leave this unchecked, the default is “Don’t Care.” Pattern matching is done on the contents of the eventData variable. The pattern matching syntax uses regular expressions. You can use “*” or “%” (asterisk or percent) to match any sequence of zero or more characters. “?” or “_” (question mark or underscore) can be used to match any one character. To match one of a set of characters, enclose the characters in brackets. For example, [abcd] will match one of a, b, c, or d. • Message — A message you specify that will be transmitted whenever the alarm occurs. By default, this field contains the variable eventTypeName. You can delete this variable, add other variables as provided in the variable pop-up list, and add your own text. For Syslog messages, use the eventData variable to display the Syslog message. • Variables... — A pop-up list that provides a list of variables you can select to include in the Message field. See Table 4 for a definition of the Alarm System variables you can use in the message field. EPICenter Software Installation and User Guide 131 The EPICenter Alarm System • Repetitive occurrence specification (If event happens... ) — The required number of repeated occurrences of the event that must occur before an alarm is generated. You can specify both the number of times the event must occur, and the time frame within which these events must occur. This lets you define alarms that will filter out short-lived or non-repeatable events, and will only take action if the triggering event occurs repeatedly within a sufficiently short time frame. Table 4: EPICenter Alarm Variables Variable Name Description alarmID An integer number assigned by the EPICenter Alarm System based on the order in which the alarm occurred alarmName The name of the alarm as defined in the Name field alarmCategory The user-defined alarm category assigned to the alarm alarmSeverity The severity level assigned to the alarm alarmRepeatTimes The number of times the event must occur before an alarm is generated alarmRepeatPeriod The time frame within which the repeated events must occur for the alarm to be generated alarmSourceDeviceName The name of the device on which the event(s) occurred (taken from the EPICenter database) alarmSourceIP The IP address of the device on which the event(s) occurred alarmSourceIfIndex The interface on the device on which the event(s) occurred alarmGMTTime The time at which the alarm occurred, in Greenwich Mean Time alarmLocalTime The time at which the alarm occurred, in local time alarmMessage The message defined for the alarm (for use by an external program executed as an alarm action) alarmActions The list of actions defined for the alarm eventLogID The ID of the event in EPICenter’s event log eventTypeName The type of event (SNMP Trap, RMON Rising Trap, RMON Falling Trap, or EPICenter event) concatenated with the Event Name (the SNMP trap name, RMON rule name, or EPICenter event name). eventGenericType The SNMP Generic Type number of the trap eventSpecificType The SNMP Specific Type number for an enterprise-specific trap eventSpecificTypeStr The event description eventEnterprise The Enterprise portion of the Object ID (OID) of the event eventData The data associated with the trap, or the Syslog message content The Alarm Scope To define a scope for the alarm, click the Scope tab. The Scope definition page is displayed, as shown in Figure 53. 132 EPICenter Software Installation and User Guide Defining Alarms Figure 53: The New Alarm Definition window, Scope definition In this window you define the scope of the alarm—the set of devices that can trigger the alarm. You can define the scope as a set of individual devices, one or more device groups, as a set of individual ports, or as one or more port groups. To define the alarm scope, you select a Source Type (and Device Group, if appropriate), select individual devices, ports, device groups, or port groups, and add them to the Selections list. The scope can contain a combination of source types. The fields and buttons in this window are defined as follows: • Scope on all devices and ports — When this is checked, an event received from any device or device port will trigger the alarm. In addition, as new devices are added to the EPICenter inventory database, those devices and ports will also be included in the device scope. Uncheck the checkbox to enable scoping by specific devices, device groups, ports or port groups. • Source Type — The source of the scoping definition (Device, Device Group, Port, or Port Group). Select the type you want from the pull-down list. Selecting Device Group or Port Group will scope the alarm on all members of the selected group. Group membership is evaluated every time a trap is received. Therefore, changes to the group membership (adding or removing devices or ports) will have an immediate effect on alarm processing. To scope the alarm on individual devices or ports, select Device or Port. For events that originate from a device port (such as link down) the scope will determine whether the alarm is generated based on an event from a single port, or on events from any port on a device, or from any port on any device in a device group. For example, if you want to define an alarm that is fired for any port on device A, you can scope the alarm as “Device,” select the appropriate device group, and select Device A. If you want to define the alarm only to be fired on selected ports on Device A, then you would scope the alarm as “Port,” select Device A, and then select the individual ports. You could also define a port group for the specific ports of interest, the scope the alarm as Port Group and select the appropriate group. • Select Group — If you select Device or Port as the Source Type, you must select a Device Group to indicate what set of devices (and ports) you want to see in the Source List. EPICenter Software Installation and User Guide 133 The EPICenter Alarm System • Source list (Device/Device Group/Port Group) — The list of components of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Port as the Source Type. • ifIndex — The list of ports available on the device selected in the Devices Source list. This list appears only if you have selected Port as the Source Type. Select a device from the Device list, and the appropriate set of ports for the device appears. • Selection — The devices, ports, device groups, or port groups that are currently included in the scope. • Add-> — Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selections list, for inclusion in the scope of this alarm. • Add All-> — Adds all the components in the Source list to the Selection list. • <-Remove — Removes the selected components from the Selection list. • <-Remove All — Removes all the components from the Selection list. The Alarm Actions To define actions for the alarm, click the Actions tab. The Action definition page is displayed, as shown in Figure 54. Figure 54: The New Alarm Definition window, Action definition In this window you define the actions for the alarm—the functions that should be performed when the alarm occurs. You can have the alarm perform any or all of the actions defined here. The fields and buttons in this window are defined as follows: • Sound Alert — Click the check box to have the alarm system play an audible alert on the client computer when the alarm occurs. The alarm will sound on all EPICenter clients currently connected to the EPICenter server. The sound that is played will depend on the severity level of the alarm. The alert sound files are kept on the EPICenter server in the directory <epicenter_installdir>\extreme, and are named according to the severity level they represent (normal.wav, warning.wav and so on). <epicenter_installdir> is the directory where EPICenter 134 EPICenter Software Installation and User Guide Defining Alarms is installed, by default epc4_1 in the Windows operating environment, or /opt/extreme/epc4_1 on a Solaris system. • Email to — Click this check box to indicate that e-mail should be sent, then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces. Full email provides the alarm number, alarm name, source IP address and ifIndex, severity and message in the subject header. In the body of the email it provides the alarm time, alarm name, alarm category, severity, source IP address and ifIndex, alarm message, the event name that triggered the alarm, the result of the alarm action, and a URL link to the EPICenter server. • Short email to — Click this check box to indicate that a short e-mail (appropriate for text paging) should be sent. Then enter the e-mail address(es) of the recipients for the e-mail. E-mail addresses in a list can be separated by commas, semicolons, or spaces. Short email provides the alarm number in the subject header, and the alarm name, source IP address and ifIndex, severity, and alarm message in the body of the email. For example, a short email might contain the following information: Subject: Alarm #4017 Body: link down, 10.255.59.150, ifIndex 17, Normal, SNMP Trap Link Down If this email format is still too long, you can write a customized email message by writing a script using the ::extr::sendMail command. See “Writing Tcl Scripts for Alarm Actions” on page 155 for more information. NOTE If this box is greyed out, you must first configure your e-mail settings. See “Setting Up E-mail for the Alarm System” on page 136 for details. • Forward Trap to: Click this checkbox to forward the trap event that caused this alarm. Specify the forwarding instructions in the fields to the right of the check box as follows: — Host: Enter the host name or host IP address of the system to which the trap should be forwarded. — Port: Enter the port on which the specified host receives traps. — Community String: Enter the community string for the specified host. NOTE If you are using SNMP version 3 and a trap is sent by an SNMP version 3-enabled device, it is forwarded as an SNMP version 2 trap using this community string. • Run program: Click the check box to have the Alarm System run a program when this alarm occurs. Enter the command string for the program you want to run. You can include Alarm System variables as arguments by clicking the Variables... button and selecting the variables you want. See Table 4 on page 132 for a definition of the Alarm System variables you can use in the message field. NOTE On a WIndows 2000 or Windows XP system, if you are running the EPICenter server as a service, and if you want to run a program that does output to the desktop, you must specify that output to the desktop is allowed when you start the server service. Otherwise, the program will not run. See the Alarm System section in Appendix A for instructions on restarting the EPICenter server service with EPICenter Software Installation and User Guide 135 The EPICenter Alarm System this option enabled. If you are running the EPICenter server as a regular program, this is not a problem. NOTE If you want to specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd” command, as follows: cmd /c start <file.bat> where <file.bat> is the batch file you want to run. • Execute script: Click the check box to have the Alarm System execute a Tcl script when this alarm occurs. Enter the script commands into the window provided. You can write your own scripts that access selected EPICenter database variables. See “Writing Tcl Scripts for Alarm Actions” on page 155 for more information. Setting Up E-mail for the Alarm System Before you can use the e-mail action, you must configure the e-mail capability. Until you do so, the Email To field and check box will not be available. To configure the e-mail capability, do the following: 1 Click the Settings... button on the Action page. This displays the Email Settings window, as shown in Figure 55. Figure 55: Setting up E-mail for EPICenter alarm actions 2 Enter your outgoing mail server name (or IP address) into the SMTP Host: field. 3 Enter into the Sent By: field the e-mail address that should be used as the sender of the e-mail. 4 If your mail server authenticates the user before sending out e-mail, check the My server requires authentication check box, and enter the user name and password of an account that the SMTP server will accept. Usually this will be the account you use to log into your network. If you don’t know whether your server requires authentication, you can go ahead and enter the authentication information—it will be ignored if it is not actually needed. Alarm Definition Examples Example 1: Define an alarm that will page “Joe” at “[email protected]” if port 10 on device “switch8” goes down. 1 Bring up the New Alarm Definition dialog. On the Basic page, do the following: a Type a name for the alarm (for example, WAN Link Down) in the Name field. b Make sure the Enabled checkbox is checked. 136 EPICenter Software Installation and User Guide Defining Alarms c Select a category (e.g. “Default”) in the Category field. d Select “SNMP Trap” in the Event Type field. e Select “Link Down” in the Event Name field. 2 Click the Scope tab, and do the following: a Uncheck the All devices and ports checkbox. b Select “Port” in the Source Type field. c Select “switch8” from the Device list. d Select “10” from the ifIndex list. e Click the Add button to add port 10 to the Selection list. 3 Click the Action tab, and do the following: a Click the Short email to: check box to turn on the check. b Type [email protected] in the text field next to the checkbox. 4 Click OK to finish the alarm definition. Example 2: Define an alarm that will page “Joe” at “[email protected]” if any port on device “switch8” goes down. 1 Bring up the New Alarm Definition dialog. Fill in the fields on the Basic page just as you did in Example 1. 2 Under the Scope tab, do the following: a Uncheck the All devices and ports checkbox. b Select “Device” in the Source Type field, instead of “Port.” c Select “switch8” from the Device list as in Example 1. d Click the Add button to add switch8 to the Selection list. No ifIndex list will be displayed. 3 Click the Action tab, and enter Joe’s paging information as you did in Example 1. 4 Click OK to finish the alarm definition. Example 3: In a Windows NT environment (where both the EPICenter server and client are running under Windows), define an alarm that will pop up a message on the Windows client system “joe” if the port utilization on port 10 on device “switch8” exceeds 15 percent. This alarm requires an RMON rule with a Rising Threshold of 15 percent for port utilization. You can define the RMON rule either before or after you define the alarm. See “RMON Rule Configuration Example” on page 150for an example of how to create the RMON rule. To create the alarm definition: 1 Bring up the New Alarm Definition dialog. On the Basic page, fill in the Name and Category fields, and check the Enabled checkbox, just as you did in Example 1. a Select “RMON Rising Trap” in the Event Type field. b Enter the RMON rule name in the Event Name field: If you have already created the RMON rule, you can select it from the pull-down menu in the Event Name field. For example, if you named the rule “WAN Link 15%”, that name should appear in the pull-down menu. If you have not yet created the RMON rule, type in a name for the rule (for example, “WAN Link 15%”). You will need to use this name for the rule when you create it. EPICenter Software Installation and User Guide 137 The EPICenter Alarm System See “RMON Rule Configuration Example” on page 150 for an example of how to create the RMON rule. 2 Click the Scope tab, and enter the port information as you did in Example 1: a Uncheck the All devices and ports checkbox. b Select “Port” in the Source Type field. c Select “switch8” from the Device list. d Select “10” from the ifIndex list. e Click the Add button to add port 10 to the Selection list. 3 Click the Action tab, and do the following: a Click the Run Program checkbox to turn on the check. b Type net send joe "$alarmName" in the text field next to the checkbox. 4 This program is only available on the Windows platform.Click OK to finish the alarm definition. Modifying Alarm Definitions To modify an alarm, select the alarm in the Alarm Definition List, and click the Modify button at the top of the page. The Modify Alarm Definition window is displayed. This window, and its Basic, Scope and Action pages, are identical to the New Alarm Definition window, except that the current information for the alarm you selected is filled in. To modify the alarm, make any changes you want, then click OK. For definitions of the various fields, see the section “Creating a New Alarm Definition” on page 130. Deleting Alarm Definitions To delete an alarm definition, select the alarm in the Alarm Definition List, and click the Delete button at the top of the page. After you verify that you want to delete the alarm, the definition is removed from the Alarm Definition List and from EPICenter’s database. You must remove alarm definitions one at a time. Alarm Categories Alarm categories are arbitrary collections of alarms that you can define as appropriate to your needs, and then assign to specific alarm definitions. For example, you might use categories to designate alarms from individual buildings, floors, or workgroups. An ISP might define categories for alarms from a specific customer’s equipment. By default, all alarms are assigned to the category named Default. This category can be renamed, but it cannot be deleted. Creating a New Alarm Category To create a new alarm category, click the Add button at the top of the window. 138 EPICenter Software Installation and User Guide Threshold Configuration A small pop-up window appears into which you can enter the name of the new category. Click OK to enter the new category into the Category List. Modifying an Alarm Category To rename an alarm category, click the Modify button at the top of the window. A small pop-up window appears and displays the current name of the category. Modify the name and click OK to enter the revised category into the Category List. When an alarm category is renamed, all alarms assigned to that category are updated to use the new category name. Deleting an Alarm Category To delete an alarm category, select the category from the Category List, then click the Delete button at the top of the window. WARNING! Deleting a category also deletes all the alarm definitions that are assigned to that category. If you do not want to delete those alarm definitions, you must first modify the alarm definitions to use a different alarm category before you delete the category. A warning message appears to let confirm that you want to delete the category and the alarm definitions that are assigned to it. Click OK to delete the category and the alarms from the EPICenter database. The Default category cannot be deleted. Threshold Configuration The Threshold Configuration page lets you define the conditions or rules that will cause certain trap events to occur, and specify the devices on which these rules should be configured. You can use this page to define thresholds for RMON utilization or CPU utilization. You can configure RMON threshold traps for a wide range of variables, but several (specifically port utilization, temperature, and STP topology change) have been partially predefined to make the rule definition process easier. In these types of events, traps are generated based on comparing the value of the relevant sample variable with a threshold value. The rules you set up specify the threshold values. Once these rules are in place, you can use them in your EPICenter alarm definitions to create alarms that will take actions when a trap is received for a sample value that crosses one of the thresholds you’ve defined. There are other SNMP traps supported by the EPICenter Alarm System, but not included in the threshold configuration function, that may require conditions to be set on the switch to define when a trap should occur. See “Configuring Other SNMP Trap Events” on page 152for additional information. In addition to specifying the conditions under which trap events should be generated, you also use this page to define the target devices on which the event rules should be configured. EPICenter Software Installation and User Guide 139 The EPICenter Alarm System NOTE Creating the rules that control trap (event) generation is only the first of the two steps required to create EPICenter alarms for these events. Even though you have set up these rules, the trap events generated as a result will be ignored by the Alarm System until you define alarms that take actions on those events. See “Defining Alarms” on page 129 for more information. To view the current threshold configuration rules, and to create new rules or modify existing rules, click the Threshold Configuration tab at the top of the page. The Alarm System Configuration page is displayed. Figure 56 shows the Alarm System Configuration page as it appears when displaying RMON rules for a device. Figure 56: The Threshold Configuration window showing RMON rules The Configurations tree shows the existing RMON rule definitions as nodes in the tree, with the devices to which they are applied shown as subnodes. The main panel shows the definition for the selected rule on each target device. CPU Utilization is a predefined node in the Configurations tree. Devices on which a CPU utilization rule is configured are shown as subnodes of the CPU Utilization node. There can be only one CPU utilization rule per device. Click the small plus next to a rule node to display in the tree the devices associated with that rule. To display the definition of a rule, click the rule node. 140 EPICenter Software Installation and User Guide Threshold Configuration RMON Rule Display For RMON rules, the display shows the following for each device targeted by that rule: • Device: The name of the device • Variable: The MIB variable being monitored • Sample Type: Absolute or Delta • Sample Interval: The time between samples, in seconds. • Rising Threshold: A threshold value that will trigger an event when the value of the variable increments past this value. • Falling Threshold: A threshold value that will trigger an event when the value of the variable decreases past this value. • Startup: The condition that will cause the initial event (Rising, Falling, or RisingOrFalling). • Index: the device index as obtained by the EPICenter server from the device. For a detailed definition of these parameters, see “Configuring an RMON Rule” on page 143. CPU Utilization Rule Display To display the CPU Utilization rules, click the CPU Utilization node in the Configurations tree. Figure 57 shows the Alarm System Configuration page as it appears when displaying CPU Configuration rules for a selected device. Figure 57: The Threshold Configuration window showing CPU Configuration rules EPICenter Software Installation and User Guide 141 The EPICenter Alarm System For each device targeted by that rule, the CPU Utilization rule display shows the following: • Device: The name of the device • Variable: The MIB variable being monitored (always extremeCpuUtilRisingThreshold.0) • Rising Threshold: A threshold value that will trigger an event when the CPU Utilization value (a percentage) increments past this value. This value is also used to calculate a Falling Threshold value, which is to be 90% of the Rising Threshold value. For a detailed definition of these parameters, see “Rule Configuration for the Predefined RMON Event Types” on page 148. Creating an Event Rule To create a new event rule, click the Add button at the top of the page. The New Configuration window is displayed, as shown in Figure 58. Figure 58: New Configuration window for an RMON Rule There are two parts to an event rule; the rule configuration itself, and the association of the rule to its target devices. The New Configuration window comes up with the Configuration page displayed. In the Configuration Type field, select the type of rule you want to create (RMON Event, CPU Utilization, Port Utilization, Temperature, or Topology change) from the drop-down list. NOTE CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. STP Topology change traps are only supported on switches running ExtremeWare 6.2.2 or later. When you finish entering the configuration and target information, click the Apply button, and the new rule is added to the Configurations tree. For RMON rules, the rule name is included as a “folder” and 142 EPICenter Software Installation and User Guide Threshold Configuration each target device for the rule appears as a separate component under that rule. The rule name will also appear in the Event Name list. For CPU Utilization rules, each target device for a CPU utilization rule appears as a separate component under the CPU Utilization “folder” in the Configurations tree. Configuring an RMON Rule If you select RMON Event as the Configuration Type, the fields and buttons in this window are defined as follows: • Name: The name for this rule. • MIB Variable: The MIB variable that the rule will monitor. Type in the complete OID, or click the Look Up... button to bring up a list of variables that are available, organized by MIB groups, as shown in Figure 59. Figure 59: A list of MIB variables available for use in RMON rules Click on a variable group to display the individual variables within the group. You can use the up and down arrow keys to scroll the list. You can also type the beginning of a variable name into the MIB Variable field, then type a space, and the Alarm System will attempt to match your typing to the variable list and auto-complete your entry. MIB variables that apply to the entire device will have the suffix “.0” appended to them to create the complete OID. MIB variables that apply per port will be combined with the port ifIndex to generate the OID. NOTE The MIB variable list displays only the MIBs that were shipped with the EPICenter software. It does not display table variables in tables indexed by an index other than (or in addition to) ifIndex. EPICenter Software Installation and User Guide 143 The EPICenter Alarm System If the MIB variable you want to monitor does not appear in the MIB Variable lookup list, you can still use the variable by typing its complete OID into the MIB Variable field. Enter the OID in its numeric form, ending in .0 if it is a per device variable, or in the specific index if it is a per-port variable. If it is a table variable, you may need to enter each index and apply it to each target device one by one. • Description: The description of the MIB variable. This description should specify the units of measure for the variable, needed in order to correctly specify the Rising Threshold and Falling Threshold values. • Rising Threshold: A threshold value that will trigger an event when the value of the variable increments past this value. An event will be generated when the sample value meets the following conditions: — When the sample value becomes greater than or equal to the Rising Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Rising or RisingOrFalling — The first time the sample value becomes greater than or equal to the Rising Threshold, after having become less than or equal to the Falling Threshold • Falling Threshold: A threshold value that will trigger an event when the value of the variable decreases past this value. An event will be generated when the sample value meets the following conditions: — When the sample value becomes less than or equal to the Falling Threshold for the first time after the alarm is enabled, if the Startup Alarm condition is set to Falling or RisingOrFalling — The first time the sample value becomes less than or equal to the Falling Threshold, after having become greater than or equal to the Rising Threshold • Sample Type: The method used to compare the variable to the threshold. Specify the type as follows: — Absolute to use the actual sample value of the variable — Delta to calculate the difference between the current sample value and the previous sample value of the variable, and use the difference in the comparison • Sample Interval (seconds): The interval, in seconds, over which the data is sampled and compared to the rising and falling thresholds. • Startup Alarm: The condition that should be met to cause the initial occurrence of this event. Select from the following: — Rising: an event will be generated the first time the sample value becomes greater than or equal to the Rising Threshold value. No events will be generated related to the Falling threshold until after this has occurred. — Falling: an event will be generated the first time the sample value becomes less than or equal to the Falling Threshold value. No events will be generated related to the Rising threshold until after this has occurred. — RisingOrFalling: an event will be generated the first time the sample value becomes either greater than or equal to the Rising Threshold value, or less than or equal to the Falling Threshold value. It is important to understand that, except for the initial occurrence of the alarm, an RMON alarm event will be generated only the when the sample value of the variable crosses one of the thresholds for the first time after having crossed the other threshold. 144 EPICenter Software Installation and User Guide Threshold Configuration NOTE To configure an alarm using an RMON threshold event, select RMON Rising or RMON Falling as the Event Type. The following diagram, shown in Figure 60, shows how alarms are generated for an RMON rule using Delta values, where the startup alarm condition is set to “Rising” or “RisingOrFalling.” Figure 60: RMON Alarm event generation Sampled variable value Initial sample value B Rising threshold Falling threshold A E C D Time (sample intervals) = alarm event generated XM_022 Because the initial sample value of the variable is greater than the value of the Rising threshold, an RMON rising threshold trap is generated. A second trap occurs at the next sample interval (point A) because the sample variable value is now less than the Falling Threshold. At point B the value again passes the Rising Threshold, and another trap event is generated. However, no trap occurs at point C, even though the value of the variable again becomes greater than the Rising Threshold, because the value has not yet become less than the Falling threshold. Another Rising threshold trap event cannot occur until after a Falling threshold alarm has occurred, as happens at point D. Note that in order to have any of these trap events cause an alarm in the EPICenter Alarm System, you need to define an alarm that responds to a RMON Rising Threshold or RMON Falling Threshold event. • If you define an alarm based on the RMON Rising Threshold event, then EPICenter alarms will occur at the initial sample, and at points B and E. Because the alarm is defined to respond to RMON Rising Threshold events, the falling threshold trap events that occur at points A and D do not trigger an EPICenter alarm. • If you also define an alarm based on an RMON Falling Threshold event, then EPICenter alarms would also be generated at points A and D. For a more detailed discussion of Remote Network Monitoring alarm behavior, refer to a book such as SNMP, SNMPv2, SNMPv3, and RMON 1 and 2, Third Edition, by William Stallings (Addison-Wesley, 1999). EPICenter Software Installation and User Guide 145 The EPICenter Alarm System Configuring a CPU Utilization Rule NOTE CPU Utilization is only supported on switches running ExtremeWare 6.2 or later. If you select CPU Utilization, only the Rising Threshold field allows input, as shown in Figure 61. The other fields and buttons in this window are predefined. Figure 61: New Configuration window for a CPU Utilization Rule The fields displayed are defined as follows: • Rule Name— For CPU Utilization, the name is predefined because there can only be one rule of this type on a device. • Rising Threshold— A threshold value, in percent, that will trigger an event when the CPU utilization rises past this value. This value is also used to compute a falling threshold, which is defined as 80% of the rising threshold. • Description: The description of the extremeCpuUtilRisingThreshold MIB variable. The other parameters that you can set when you configure an RMON event, are predefined in the Extreme switch agent for a CPU Utilization event. These are: • MIB Variable: The MIB variable is predefined to be extremeCpuUtilRisingThreshold.0. • Falling Threshold: This is predefined as 80% of the rising threshold • Sample Interval: The sample interval for a CPU Utilization alarm is also predefined, and is set to 3 seconds • Sample Type: The sample value (a percentage) is always an absolute value • Startup Alarm: The Startup condition is predefined to be Rising NOTE To define an alarm for a CPU Utilization threshold event, select SNMP Trap as the Event Type, then select CPU Utilization Rising Threshold or CPU Utilization Falling Threshold as the Event Name. 146 EPICenter Software Installation and User Guide Threshold Configuration If you define an alarm for a CPU Utilization Rising Threshold event, an alarm will be generated each time the sample value meets the following conditions: — When the sample value becomes greater than or equal to the Rising Threshold for the first time (including the initial sample) after the alarm is enabled. — The first time the sample value becomes greater than or equal to the Rising Threshold, after having become less than or equal to the Falling Threshold (80% of the Rising threshold). If you define an alarm for CPU Utilization Falling Threshold events, an event will be generated each time the sample value meets the following conditions: — The first time the sample value becomes less than or equal to 80% of the Rising Threshold, after having become greater than or equal to the Rising Threshold. It is important to understand that, except for the initial occurrence of a Rising Threshold alarm, a CPU Utilization alarm will be generated only the when the sample value of the variable crosses the target threshold for the first time after having crossed the other threshold. The diagram shown in Figure 62 illustrates how CPU Utilization trap events will occur once you have configured a CPU Utilization rising threshold. The startup condition for a CPU Utilization event is always predefined to be Rising. Figure 62: CPU Utilization event generation Sampled CPU utilization value Initial sample value B C A Rising threshold Falling threshold (90% of rising) Z X Y Time (sample intervals) = alarm event generated XM_023 The first CPU Utilization trap occurs at the initial sample value, since the value is above the CPU Utilization Rising threshold. If the initial value were below the Rising threshold, no event would occur. The second event occurs at point X, because the sample value has fallen below the falling threshold, which is defined as 80% of the rising threshold value. The third event occurs at point A because the sample value is again above the Rising Threshold after having fallen below the Falling threshold. At point B the value again passes the Rising Threshold, but no alarm is generated because the value has not yet become less than the Falling threshold. Another Rising threshold alarm cannot occur until after a Falling threshold event has occurred, which happens at point Y. The next Rising threshold event happens at point C. EPICenter Software Installation and User Guide 147 The EPICenter Alarm System Note that in order to have any of these events cause an alarm in the EPICenter Alarm System, you need to define an alarm that responds to a CPU Utilization Rising Threshold or CPU Utilization Falling Threshold event. • If you define an alarm based on the CPU Utilization Rising Threshold event, an EPICenter alarm will occur at the initial sample, and at points A and C. Because the alarm was defined to respond to CPU Utilization Rising Threshold events, the falling threshold trap events that occur at points X and Y do not trigger an EPICenter alarm. • If you also define an alarm based on a CPU Utilization Falling Threshold event, then EPICenter alarms would be generated at points X and Y. Rule Configuration for the Predefined RMON Event Types The Port Utilization, Temperature and Topology Change configuration types are actually RMON utilization rules with a predefined configuration interface. The New Configuration window is the same (see Figure 61), except that you must provide a name for the rule. NOTE STP Topology change traps are only supported on switches running ExtremeWare 6.2.2 or later. The fields in this window are defined as follows: • Rule Name: The name for this rule. For these events, this is user-defined. • Rising Threshold: A threshold value that will trigger a trap event when the value of relevant variable rises past this value. The thresholds are specified based on the configuration type as follows: — Port Utilization — A threshold value, in 100ths of a percent, that will trigger an event when the port utilization rises past this value. — Temperature — A threshold value, in degrees celsius, that will trigger an Overheat event when the temperature rises past this value. — Topology Change — An integer threshold value that will trigger a topology change event when the total number of topology changes seen by this device since the management entity was last reset or initialized, rises past this value. For these rules, like a CPU utilization rule, the falling threshold is automatically defined based on the value of the rising threshold. The falling threshold is set to be 90% of the rising threshold value. • Description: The description of the relevant MIB variable for the selected rule type. The other parameters that you can set when you configure an RMON event, are predefined in the Extreme switch agent for these three events. These are: • MIB Variable: The MIB variable is predefined to be one of the following: — For Port utilization: extremeRtStatsUtilization.0 — For Temperature: extremeCurrentTemperature.0 — For Topology Change: dot1dStpTopChanges.0 • Falling Threshold: This is predefined as 90% of the rising threshold. • Startup Alarm: The Startup condition is predefined to be Rising or falling. • Sample Interval: The sample interval is also predefined, and is set to 15 seconds. • Sample Type: The sample value is an absolute value. 148 EPICenter Software Installation and User Guide Threshold Configuration NOTE To define an alarm using one of these predefined threshold events, select RMON Trap Rising Alarm or RMON Trap Falling Alarm as the Event Type in the Alarm Definition window. Configuring the Rule Target Click the Target tab to display the New Configuration Target page, as shown in Figure 63. This page lets you specify which devices should be configured to generate the event you have defined. Figure 63: RMON target selection window The fields and buttons in this window are defined as follows: • Source Type: The source of the RMON rule targets (Devices, Device Groups, Ports, or Port Groups). Select the type you want from the pull-down list. The choices you have are determined by the variable you selected for the rule. For example, if the variable you have selected to monitor is applied per port, you will be able to select by Port or Port Group. • Source List (Device/Device Group/Port Group): The list of components (devices or groups) of the specified type. The field label changes based on the Source Type. It is labeled Device when you select either Device or Ports (a second Port field is provided for port selection). Note that when you leave your cursor on a device for a moment, a pop-up displays the IP address of the device. • Source List (Port): The list of ports available on the device selected in the Devices Source list. This list appears only if you’ve selected Ports as the Source Type. Select a device from the Device list, and the appropriate set of ports for the device appears. • Selection: The devices, ports, device groups, or port groups that are currently targets for the RMON rule. • Add->: Adds the selected Device(s), Port(s), Device Groups or Port Groups to the Selections list, for inclusion as a target for this rule. • Add All->: Adds all the components in the Source list to the Selection list • <-Remove: Removes the selected components from the Selection list. EPICenter Software Installation and User Guide 149 The EPICenter Alarm System • <-Remove All: Removes all the components from the Selection list. RMON Rule Configuration Example Example: Create an RMON rule that will cause an RMON Rising Trap when port utilization on port 10 of device “switch8” exceeds 15%. 1 Bring up the New Configuration dialog. On the Configuration page, do the following: a Type a name for the rule in the Name field (for example, “WAN Link 15%”). If you have already created an alarm definition that will use this rule, make sure the name matches the name you entered in the alarm definition. b Click the Look up... button to display the Select MIB Variable dialog. c Expand the Extreme folder, select the extremeRtStatsUtilization variable, and click OK to enter it into the MIB Variable field. d Type “1500” in the Rising Threshold field. Note that for this variable the value must be in hundredths of a percent. e Type a smaller value, for example “1450” in the Falling Threshold field. f Leave the Sample Type as “Absolute” and the Sample Interval at the default value (15). g Select Rising for the Startup Alarm field. 2 Click the Target tab and do the following: a Select Port as the Source Type b Select “switch8” from the Device list c Select 10 from the ifIndex list d Click Add to add the port to the Selection list 3 Click the Apply button to configure the rule on device switch8. A message window will appear with the device configuration results. 4 Verify that no switch configuration errors have been reported, and click OK to dismiss the window. 5 Click Close to dismiss the New Configuration dialog. Modifying a Rule Once a set of RMON rules have been created, they must be modified individually. To modify a RMON rule do the following: 1 Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window. 2 Select the individual rule you want to modify 3 Click the Modify button at the top of the page. The Modify Configuration window is displayed for the target you selected. 150 EPICenter Software Installation and User Guide Threshold Configuration Figure 64: Modify Configuration window for RMON rules The window shows the same information as the Configuration page of the New Configuration window, but with the information for the current target filled in. See “Configuring an RMON Rule” on page 143 for a definition of the fields on this page. This window is displayed for all existing RMON rules, including the three predefined rules (Temperature, Port Utilization, and Topology Change). For CPU Utilization rules, only three fields are shown, and only the Rising Threshold field can be changed. Note that if you change the name of this rule, the new rule will be added as a “folder” in the Configurations tree, and this specific rule target will be moved under the new rule. Deleting a Rule To delete an RMON or CPU Utilization rule, do the following: 1 Select the rule folder or the individual rule name in the Configurations tree to display the rule details in the main panel of the window. 2 Select the individual rule or rules you want to delete 3 Click the Delete button at the top of the window. 4 When the warning asking you to confirm that you want to delete is displayed, click Yes to delete the rule(s) or No to cancel the action. When you delete a rule, the alarm definition that references the rule is not deleted. Resynchronizing the RMON Rules To resynchronize EPICenter’s database with the RMON rules in place on a switch, do the following: 1 Click the Sync button at the top of the window. The Synchronize RMON Rules window is displayed, as shown in Figure 65. EPICenter Software Installation and User Guide 151 The EPICenter Alarm System Figure 65: The Synchronize RMON Rules window You can resynchronize individual devices or all devices in a device group. 2 To select a device group, select Device Group from the pull-down list in the Source Type field. A list of device groups will be displayed. To select individual devices, select Devices in the Source Type field. A list is displayed showing all the Extreme Networks devices managed by EPICenter. 3 To add a device or device group to the Selection list, select the device or device group and click Add ->. To add all devices or device groups in the list, click Add All ->. 4 To remove a device or device group from Selection list, select the item and click <- Remove. To remove all devices or device groups, click <- Remove All. 5 Click Synchronize to initiate the synchronization process. The Alarm Manager uses SNMP to retrieve configuration and status information from each selected switch, and updates the database with that information. 6 The Synchronize function displays a dialog box with status or error information. Click OK to continue. 7 Click Close to exit the Synchronize RMON Rules window. Configuring Other SNMP Trap Events There are a number of SNMP events that require configuration on the switch before they can be used in EPICenter alarm definitions. If the configuration is not done on the switch, no trap events are generated, and no EPICenter alarms for those events can occur. The Ping and OSPF traps fall into this category. To configure the switch to send one of these traps, you must use a tool that allows you to set the value of the appropriate SNMP variable. Tools such as SNMPc can be used to perform this function. The following information assumes that you have a thorough understanding of SNMP and an appropriate SNMP utility. Refer to the appropriate MIBs for details of the variable settings: • Ping MIB: pingmib.mib (RFC 2925) • OSPF v2 MIB: RFC 1850 or RFC 1850t 152 EPICenter Software Installation and User Guide Configuring EPICenter as a Syslog Receiver Configuring EPICenter as a Syslog Receiver To receive Syslog messages, the Syslog receiver function of EPICenter must be enabled, and remote logging must be enabled with EPICenter configured as a Syslog receiver on the devices from which you want to receive Syslog messages. The Syslog server function within EPICenter can be enabled through the Administration applet. See “Devices Properties” in Chapter 16 for more information. On the device side, remote logging must be enabled, and the switch must be configured to log to the EPICenter server. The default on Extreme Networks switches is for logging to be disabled. You must use the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches. To enable remote logging on a switch, enter the ExtremeWare command: enable syslog To configure the EPICenter server as a Syslog server, enter the ExtremeWare command: config syslog <EPICenter IP address> <facility> You must enter the IP address of the EPICenter server, and a facility level, which can be local0 through local7. See the ExtremeWare Software User Guide or the ExtremeWare Software Command Reference Guide for more information on these commands. To configure remote logging on multiple devices, you can run these commands as a macro in the EPICenter Telnet module. You can also include a severity in the config syslog command, which will filter log messages before they are sent to the EPICenter Syslog server. The EPICenter Syslog server will in turn filter the incoming messages based on the severity you set using the Accept SysLog messages with Min Severity property setting in the Administration applet. Setting EPICenter as a Trap Receiver When Extreme devices are added to the EPICenter inventory, they are automatically configured to send traps to the EPICenter server. However, third-party devices are not automatically configured to do so. If you want alarms to function for third-party devices, you must manually configure the devices to send traps to the EPICenter server. The information required to set up EPICenter as a trap receiver is the following: • The IP address of the system where the EPICenter server is running. • The EPICenter server trap port. By default this is 10550. (This is set in the properties file extreme.properties, found in the <epicenter_installdir>/extreme subdirectory). EPICenter Software Installation and User Guide 153 The EPICenter Alarm System • The EPICenter server community string. This is a string in the form: ST.<value of IP address>.<value of trap port> The value of the IP address is the decimal equivalent of the hex value of the IP address. For example, if the IP address of the EPICenter server is 10.0.4.1, you would calculate the decimal equivalent by doing the following: a Convert each quad of the IP address to its hex equivalent: Decimal 10 0 4 1 Hex a 00 04 01 b Convert the hex value a000401 into a decimal value, in this case 167773185 c Put the three components together to form the community string: ST.167773185.10550 You can find and verify the value of the community string by using Telnet to log into an Extreme Networks device that is being managed by EPICenter, and using the ExtremeWare CLI command show management to display the list of trap receivers configured for that device. The EPICenter server, and its community string, should be included in this list. To receive RMON traps, you need to ensure that RMON is enabled on the device. For Extreme devices, you can do this through the ExtremeWare CLI with the command enable rmon. Log Archive The EPICenter server stores a minimum of 10 days of event log history and a minimum of 10 days of alarm log history in the server database. Excess data from the event log and alarm log are archived to files. The event log archive is made up of two 30MB rotating archive files and includes all traps and Syslog messages. The event log is stored in a file called event_log.txt and the archive file is called event_log.old. The alarm log archive is made up of two 6 MB rotating files and includes all alarms associated with traps and Syslog messages. The alarm log is stored in a file called alarm_log.txt and the archive file is called alarm_log.old. Archiving is performed once every 24 hours. If you need to store additional historical data beyond the two 30 MB file limit for events and the 6 MB file limit for alarms, you can periodically make backup copies of the archive files to a separate location. Refer to Appendix F, “EPICenter Backup” for more information about alarm log backups. 154 EPICenter Software Installation and User Guide Writing Tcl Scripts for Alarm Actions Writing Tcl Scripts for Alarm Actions An EPICenter alarm can call a Tcl function as an alarm action. This Tcl function can be a user-defined Tcl script that is executed in the EPICenter server. There is an example script in the <epicenter_install_dir>/user/alarms directory called example.tcl that you can use as a guide to writing a Tcl function for an alarm action. You can access the EPICenter alarm variables for use in your script, as demonstrated in the example script. These variables are defined in Table 4 on page 132. The Tcl Scripting Environment The scripting environment for alarm actions is a fully operational Tcl environment. In this environment, a Tcl action script can save states across multiple alarms using global variables, access alarm instance data, access event log data, and access other EPICenter server-side data. In order to protect the EPICenter server from malicious or erroneous alarm action scripts, the alarm script execution environment uses the “safe interpreter” ability of the Tcl system. The safe interpreter is a slave of the main EPICenter server-side Tcl interpreter (master interpreter). The functions of the safe interpreter are restricted so that it cannot do harm to the overall EPICenter server. A safe interpreter creates a private “sandbox” in which the alarm action scripts executes. The master interpreter hides certain functions from the scripts inside the sandbox. The master interpreter performs some other functions on behalf of the slave interpreter. By performing functions for the slave, the master has a chance to check to see if the slave’s request is valid. If not, the master rejects the slave’s request. The following table summarizes the Tcl commands that are deemed dangerous for use by a Tcl alarm action script. Some of these commands are removed entirely from the Alarm Tcl environment. Others are aliases so that the master interpreter can intercept the command call to provide restricted operations. Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter Tcl Command Hidden in Safe Interp Explicit Hide by EPICenter Alias in Master Description cd ✔ file ✔ pwd ✔ Not allowed exec ✔ Not allowed glob ✔ ✔ Full functions socket ✔ ✔ No server-side socket, client socket is opened in async mode; the opened client socket is placed in nonblocking mode using the default buffer size; the number of open socket is restricted exit ✔ Not allowed load ✔ Not allowed source ✔ EPICenter Software Installation and User Guide Not allowed ✔ ✔ Only allow: attime, attributes (read-only), dirname, executable, exists, extension, isdirectory, isfile, join, lstat, mtime, nativename, owned, pathtype, readable, readlink, rootname, size, split, stat, tail, type, volume, writable Only from standard $tcl_library and user/alarm directory, and subdirectories 155 The EPICenter Alarm System Table 5: Command Restrictions in EPICenter Tcl Safe Interpreter (continued) fconfigure ✔ ✔ All channels are non-blocking by default, cannot set channel to blocking; cannot set channel buffer size open ✔ ✔ Can only open file in user/alarm and its subdirectories; file is opened in nonblocking mode using the default buffer size; number of open file is restricted vwait ✔ encoding ✔ not Allowed ✔ after puts ✔ Cannot change system encoding scheme ✔ Cannot do “after ms”, which does not respond to events ✔ puts data to stdout The following table outlines the EPICenter server side commands that available in the slave interpreter through aliases. EPICenter Command Alias in Master extr::query ✔ Description Retrieve server-side data from the database. Syntax: extr::query {} ?-raw? sql ?arg arg ...? {} The first argument must be {}. Using {} signals the command to retrieves data from the EEM server, in which the alarm action scripts are executing. -raw (Optional) If specified, the result of the query is returned unparsed as a string containing the data in the XML format. sql The sql query arg ... Arguments to the sql query for variable substitution extr::sendMail ✔ Sends e-mail through the EPICenter server. Syntax: extr::sendMail toList from subject body ?smtpHost? ?login? ?password? toList A list of recipient’s email addresses from The email address of the sender subject body The subject of the email The text of the email smtpHost (Optional) The host ip address of the SMTP host. If not specified, use the default as defined in the alarm system. login (Optional) The login name to the SMTP host password (Optional) The password to the SMTP host extr::postEvent ✔ Log an event to the server’s event log. The event time is logged. Syntax: extr::postEvent message message - the message of the event 156 EPICenter Software Installation and User Guide 6 Configuration Manager This chapter describes how to use the EPICenter Configuration Manager applet for: • Uploading configuration settings from one or more devices to EPICenter, on demand or at a predefined (scheduled) time. • Downloading configuration settings from EPICenter to a device. • Downloading an incremental configuration to one or more devices. • Downloading a new ExtremeWare image to one or more devices. • Downloading a BootROM image to one or more devices. • Downloading a new ExtremeWare image to one or more Extreme modules. • Downloading a BootROM image to one or more Extreme modules. • Specifying an ExtremeWare software image as the “recommended” image. The Configuration Manager will compare the image currently running in a switch to determine if the switch is running the recommended or most current image. • Performing a live software update by retrieving the latest ExtremeWare software images from Extreme Networks. • Specifying and configuring the TFTP server to be used for uploading and downloading configuration settings and software images. • Searching for a specific device or group of devices. • Displaying device and device group parameters • Multi-step upgrade. Overview of the Configuration Manager The EPICenter Configuration Manager applet provides a graphical interface for uploading and downloading files to and from managed devices. The Configuration Manager also provides a framework for storing the configuration files, to allow tracking of multiple versions. Configuration file uploads can be performed on demand, or can be scheduled to occur at regular times—once a day or once a week. The Configuration Manager supports Extreme Networks and Cisco devices. To start the Configuration Manager applet, click the Config button in the EPICenter Navigation Toolbar. The Configuration Manager applet appears (see Figure 66). EPICenter Software Installation and User Guide 157 Configuration Manager When the applet initially appears, it shows the status of the device group(s) defined in EPICenter. Click a device group name in the Component Tree to display the summary status for the devices in the group, as shown in Figure 66. Figure 66: Configuration Manager showing summary device status This display shows a summary of the upload and download activity for each managed device, as follows: • Status—The status of the most recent configuration activity. A green check indicates that the activity was successful. A red X means that the activity (upload or download) did not complete successfully. • Name—The device name. • S/w Version—The version of the ExtremeWare software that is currently running in the device. • BootROM—The version of the bootROM currently running in the device. • Next Scheduled Upload—The date and time for the next Archival upload, if one is scheduled. • Last Activity—The last activity (upload or download of a configuration file, software image, or BootROM) that has taken place through the EPICenter Configuration Manager for this device. • Last Activity Schedule—The date and time that the activity occurred. • Last Activity FilePath—The name and path of the configuration file or image file that was involved in the last activity. You can display the upload and download status of the configuration information, software, and BootROM by clicking on an individual device in the Component Tree in the left-hand panel of the window. This displays a status window for the device similar to the one shown in Figure 67. 158 EPICenter Software Installation and User Guide Overview of the Configuration Manager Figure 67: Configuration and Software status for an individual device The device status window displays the following information: • The success status, timestamp, and file name and location for configuration uploads and downloads. If archiving is scheduled, it also displays the time of the next scheduled archive. • The success status, timestamp, and versions for software downloads, as well as version information for both the primary and secondary software stores. • BootROM version information (at the bottom of the scrollable window, not visible in Figure 67). Viewing Device Information from Pop-up Menus You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains the Upload, Archive, Download, Increment, Upgrade, Devices, and Properties commands. All of the commands—with the exception of the Properties command—perform the same functions as the buttons at the top of the page, but with the appropriate device or device group displayed. The Properties command displays the attributes for a specific device group or device. The device pop-up menu also contains the Alarms, Browse, EView, Statistics, Sync, Telnet, and VLANs commands. All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed. Upload The Upload function lets you upload configuration information from one or more devices to EPICenter. To view the Upload Configuration display for a selected device group or device: • Right-click on the device group or device, then select Upload from the pop-up menu that appears or click Upload from the Tool Bar. EPICenter Software Installation and User Guide 159 Configuration Manager This opens the Upload Configuration from Devices window. See “Uploading Configurations from Devices” on page 163 for details on using this feature. Archive The Archive function lets you schedule device configuration archive uploads. To view the Archive display for a selected device group or device: • Right-click on the device group or device, then select Archive from the pop-up menu that appears or click Archive from the Tool Bar. This opens the Schedule Upload window. Select the appropriate tab to display the Device Schedule window or the Global Schedule window. See “Archiving Configuration Settings” on page 165 for details on using this feature. Download The Download function lets you manually update device configuration and status information. To view the Download display for a selected device group or device: • Right-click on the device group or device, then select Download from the pop-up menu that appears or click Download from the Tool Bar. This opens the Download Configuration to Devices window and displays the devices in a device group. If configuration information has been uploaded from the device, the file where it was saved is listed in the Last Upload Configuration column. See “Downloading Configuration Information to a Device” on page 168 for details on using this feature. Increment The Increment function lets you execute only the commands specified in the incremental download file. The incremental download file is used as a baseline configuration for devices running ExtremeWare 6.0 or later. To view the Incremental display for a selected device group or device: • Right-click on the device group or device, then select Increment from the pop-up menu that appears or click Increment from the Tool Bar. This opens the Download Incremental Configuration to Devices window. See “Downloading an Incremental Configuration to Devices” on page 169 for details on using this feature. Upgrade The Upgrade function lets you upgrade the ExtremeWare software or BootROM image on Extreme devices or to Extreme modules that include software. 160 EPICenter Software Installation and User Guide Overview of the Configuration Manager To view the Upgrade display for a selected device group or device: • Right-click on the device group or device, then select Upgrade from the pop-up menu that appears or click Upgrade from the Tool Bar. This opens the Download Image window. Select the appropriate tab to display the Device window or the Device Slot window. See “Upgrading Software Images” on page 170 for details on using this feature. Devices This menu contains the following device-related submenus: Alarms, Browse, EView, Statistics, Sync, Telnet, and VLANs. NOTE The Sync submenu is disabled if the device is offline. Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5 for details on using this feature. Browse The Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new web browser window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears EPICenter Software Installation and User Guide 161 Configuration Manager This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10 for details on using this feature. Statistics The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Device from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device. See Chapter 11 for details on using this feature. Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. See Chapter 4 for details on using this feature. Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device: • Right-click on the device, then select Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7 for details on using this feature. VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database. 162 EPICenter Software Installation and User Guide Uploading Configurations from Devices See Chapter 13 for details on using this feature. Properties The Properties function lets you view the attributes for a device group or a device. To view the Properties display for all device groups: • Right-click on the Device Groups component, then select Properties from the pop-up menu that appears The Device Groups Properties window appears and displays the number of device groups and the names of the device groups that are known to EPICenter. To view the Properties display for a selected device group: • Right-click on the device group, then select Properties from the pop-up menu that appears The Device Group Properties window appears and displays the attributes for the selected device group. To view the Properties display for a selected device: • Right-click on the device, then select Properties from the pop-up menu that appears The Device Properties window appears and displays the attributes for the selected device. See “Displaying Properties” on page 187 for details on using this feature. Uploading Configurations from Devices To upload the configuration information from one or more devices, click the Upload button at the top of the window. The Upload Configuration from Devices window appears, as shown in Figure 68. EPICenter Software Installation and User Guide 163 Configuration Manager Figure 68: The Upload Config window To upload device configurations to EPICenter, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. 2 From the Available Devices list, select the devices from which you want to upload configuration information, then click the Add-> button. If you want to upload from all the devices in the device group, click the Add All-> button. The devices you select will be moved to the Devices for Upload list. To remove devices from the Devices for Upload list, select the devices and click the <-Remove button. This moves the selected devices back to the Available Devices list. Click <-Remove All to move all the devices in the Devices for Upload list back to the Available Devices list. 3 Specify where the uploaded information should be stored: a Select Archive to create files for each upload under the EPICenter Configs directory, in a subdirectory hierarchy organized by year, month, and day. The form of the fully-qualified file names for these files is: <tftp_root>\configs\<year>\<month>\<day>\<device_address>_<time>.txt where <tftp_root> is the location of your TFTP server. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. <EPICenter_install_dir> is the EPICenter installation directory, by default epc4_1. For example, a file uploaded from device Summit24 (10.205.0.25) on September 1, 2000 at 8:06 am, would be saved as follows: c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\configs\2000\Sept\01\10.205.0.25_0806.txt 164 EPICenter Software Installation and User Guide Archiving Configuration Settings NOTE If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 186), the configs subdirectory will be found directly below (as a child of) your TFTP root directory. b Select Specify to specify your own directory structure and file naming convention relative to the TFTP root’s configs subdirectory. The structure will be of the form: <tftp_root>\configs\<file_location>\ <device_address>_<filename_trailer>.txt In the File Location field, specify the <file_location> path where the files should be stored, starting from the configs subdirectory. DO NOT include <tftp_root>\configs as part of the path; just include the remaining path. In the FileName Trailer field, you can specify a string to be appended to the device address to create a file name. For example, if you specify a file name trailer of “week_8_backup” then the filename for the device Summit24 would be 10.205.0.25_week_8_backup.txt. 4 Click Apply to start the upload process. The Reset button restores all the fields to their initial state. Archiving Configuration Settings You can schedule the uploading (archiving) of configuration information so that it is done automatically, either once a day or once a week. By default, all new devices added to the EPICenter database use the global schedule and do not have a set schedule for uploading configuration information. In the Admin applet, you can specify whether the device configurations are uploaded only when the device configuration has changed, or if switch configurations are always uploaded at the scheduled archive time. See Chapter 16 for more information about how to set the uploading configuration settings. Device Schedules A device, a set of devices, or one or more device groups can be scheduled for archive individually and independently of other device upload schedules. To schedule device configuration archive uploads, click the Archive button at the top of the window. The Schedule Upload window appears, as shown in Figure 69. EPICenter Software Installation and User Guide 165 Configuration Manager Figure 69: Schedule Upload window To schedule the upload of device configurations, do the following: 1 Select the appropriate tab to display the Device Schedule window. 2 Select a device group or All Devices from the drop-down menu in the Device Group field. 3 From the Available Devices list, select the devices for which you want to schedule the upload of configuration information, then click the Add-> button. If you want to create the same schedule for all the devices in the device group, click the Add All-> button. The devices you select will be moved to the Devices for Scheduling list. To remove devices from the Devices to Scheduling list, select the devices and click the <-Remove button. This moves the selected devices back to the Available Devices list. Click <-Remove All to move all the devices in the Devices for Scheduling list back to the Available Devices list. 4 Specify the schedule you want: No Schedule will remove any schedule associated with the selected device(s). Repeat Every Day indicates that the upload should be done every day at the specified time. When you select this option, you will be able to specify the time of day (the hour and minutes) at which the upload should be done. Repeat Every Week indicates that the upload should be done every week at the specified day and time. When you select this option, you will be able to specify the time of day (the hour and minutes), and the day of the week at which the upload should be done. 5 Click Apply to have the upload schedule set for these devices. Click the Reset button to return the schedule to its state when you initiated this window. 166 EPICenter Software Installation and User Guide Archiving Configuration Settings Global Schedules When you use the Inventory Manager to add devices to the EPICenter database, the devices use the global schedule for configuration uploads. If you have a device or series of devices that require a configuration upload schedule that differs from the global schedule, see “Device Schedules” on page 165 for information on how to create an individual configuration schedule. You can modify global configuration uploads for all devices that use the global schedule by clicking the Archive button at the top of the window. The Schedule Upload window appears, as shown in Figure 69. To schedule the global upload of device configurations, do the following: 1 Select the appropriate tab to display the Global Schedule window, as shown in Figure 70. Figure 70: Global Schedule Upload window 2 Specify the global schedule you want: No Schedule will remove any schedule associated with the device(s) that use the global schedule. Repeat Every Day indicates that the upload should be done every day at the specified time for devices that use the global schedule. When you select this option, you will be able to specify the time of day (the hour and minutes) at which the upload should be done on. Repeat Every Week indicates that the upload should be done every week at the specified day and time for devices that use the global schedule. When you select this option, you will be able to specify the time of day (the hour and minutes), and the day of the week at which the upload should be done. 3 Click Apply to set the global upload schedule for the devices that do not have a set configuration schedule. Click the Reset button to return the schedule to its state when you initiated this window. EPICenter Software Installation and User Guide 167 Configuration Manager Downloading Configuration Information to a Device Downloading a configuration does a complete configuration download, resetting the current switch configuration and replacing it entirely with the new downloaded configuration. The switch will be rebooted automatically after the download has completed. Configuration downloads are supported on Extreme Networks devices and Cisco devices running IOS 12.0 and above. To download saved configuration information to a device, click the Download button at the top of the window. The Download Config to a device window appears, as shown in Figure 71. Figure 71: Download configuration window To download a configuration to a device, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. 2 Select the device from the device list presented. You can only download to one device at a time. If configuration information has been uploaded from the device, the file where it was saved is listed in the Last Uploaded Config column. 3 In the File Location field, type the location and name of the file you want to download, or click the Show Uploaded Configs button and select the file to be downloaded. The Browse pop-up displays the list of uploaded files for the selected device. 4 To automatically save the configuration file after the device reboots, check the Save Configuration to: checkbox and select the configuration file from the pull-down menu. You can select the Current, Primary, or Secondary configuration file. Click Reset to clear all of the selections and to restore the download configuration window to its initial state. 168 EPICenter Software Installation and User Guide Downloading an Incremental Configuration to Devices 5 To start the download, click the Apply button. Downloading an Incremental Configuration to Devices You can create or designate a set of configuration information to be used as a baseline configuration for devices running ExtremeWare 6.0 or later. Using an incremental download to execute a baseline configuration provides a known, “standard” configuration that you can use to ensure that devices are configured into a known state. For example, if you want to set a group of devices to the same basic configuration, you can first set individual IP addresses on each device, and then use the incremental configuration download feature to set all other configuration settings on all devices to a common state. An incremental configuration download executes only the commands specified in the incremental download file. It does not reset the switch configuration or replace any other configuration settings that may exist in the device. No reboot is necessary. The EPICenter incremental download does not save the configuration; you must do so. Incremental downloads are supported on Extreme Networks devices running ExtremeWare 6.0 or later and on Cisco devices running IOS 12.0 or later. To download an incremental configuration to a device, click the Increment button at the top of the window. The Download Incremental Config To Devices window appears, as shown in Figure 72. Figure 72: Download incremental configuration window From this window, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. 2 From the Supported Devices list, select the devices for which you want to download the baseline configuration, then click the Add-> button. If you want to download the baseline configuration to all the devices in the device group, click the Add All-> button. The devices you select will be moved to the Download Incremental Config to: list. EPICenter Software Installation and User Guide 169 Configuration Manager To remove devices from the Download Incremental Config to: list, select the devices and click the <-Remove button. This moves the selected devices back to the Supported Devices list. Click <-Remove All to move all the devices in the Download Incremental Config to: list back to the Supported Devices list. 3 Select the baseline configuration you want to download from the pull-down list in the Available Incremental Configs field. 4 Click Apply to start the baseline download to the selected device. NOTE The EPICenter software does not save the configuration on the device after the download. You can use the Telnet applet to open a telnet session on the affected devices and execute a save configuration command. NOTE The Configuration Manager will display an error if you attempt an incremental download on a switch running a version of ExtremeWare prior to 6.0. Creating an Incremental Configuration File The purpose of an incremental configuration is to provide a set of known, standard configuration settings you can download to a device to restore it or initialize it to a known software state. To create an incremental configuration, you can start with a configuration file you have uploaded, or one of the standard configuration. You can edit it, if needed, to reflect the basic configuration settings you want to use as your baseline configuration, and to remove settings you don’t want changed. Incremental configuration files must be stored in the <tftp_root>\baselines directory, where <tftp_root> is the location of your TFTP server. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. <EPICenter_install_dir> is the EPICenter installation directory, by default epc4_1. Thus, if you installed the EPICenter server under Windows 2000 or Windows XP using the default installation path, your incremental configurations must be in c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\baselines, unless you have reconfigured your TFTP root directory. You can name an incremental configuration file any way you want. NOTE If you have reconfigured your TFTP root directory (see “Configuring the TFTP Server” on page 186), the baselines subdirectory will be found directly below (as a child of) your TFTP server root directory. Upgrading Software Images The ExtremeWare software image contains the executable code that runs on the switch and on certain Extreme modules that include software. An image comes pre-installed from the factory on every switch and on certain modules. You can upgrade this image by downloading a new version through the 170 EPICenter Software Installation and User Guide Upgrading Software Images Configuration Manager. You can download the image into either the primary or secondary image, and specify whether the switch should be rebooted to use the new image. The BootROM software initializes certain important switch variables during the switch boot process. CAUTION If a BootROM upgrade does not complete successfully, it could prevent the switch from booting. When you perform a software image upgrade, EPICenter automatically creates a backup of your existing switch configuration. Switch configuration files are saved as text files in the <tftp_root>\configs directory, where <tftp_root> is the location of your TFTP server. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. The name of the configuration file contains the switch IP address and a timestamp, and the file is saved in folders according to the day, month, and year of the upgrade. Performing a Multi-Step Upgrade EPICenter allows you to perform a procedure called a multi-step upgrade. Using the multi-step upgrade EPICenter automatically determines the appropriate upgrade path for both the device BootROM and image. The EPICenter client software compares the desired (destination) image and BootROM versions to the existing (source) image and BootROM versions loaded on the switch to determine what intermediate steps, if any, are required. Only Extreme Networks “i-series” switches are evaluated for a multi-step upgrade. Extreme devices that are not part of the “i-series” can be upgrade only using a single step method. NOTE For more information on upgrading your Extreme switch, see the ExtremeWare Release Notes. Upgrade Logic The multi-step upgrade features uses the following logic: • If the destination image version is greater than or equal to ExtremeWare version 6.1.9, first check the BootROM version. The bootrom version must be at least Boot 7.6, if not, upgrade the BootROM to Boot 7.6. • If the source software image version is less than ExtremeWare version 6.1.9 and the destination image is greater than ExtremeWare version 6.1.9, upgrade the software image version to ExtremeWare version 6.1.9. • If the source software image version is less than ExtremeWare version 6.2.2 and the destination image version is greater than ExtremeWare version 6.2.2, upgrade the device to ExtremeWare version 6.2.2. • If the destination software version is greater than or equal to ExtremeWare version 7.0.0, first check the BootROM version. The BootROM version must be at least Boot 7.8, if not, upgrade to Boot 7.8. • The final step is to upgrade to the destination software image version. This fulfills the requirement to upgrade the software image version to ExtremeWare version 6.1.9, ExtremeWare version 7.0.0, or other version range. EPICenter Software Installation and User Guide 171 Configuration Manager Multi-Step Upgrade Procedure The multi-step upgrade procedure involves upgrading the switch multiple times in order to get from the source software image version to the destination software image version. EPICenter performs the upgrade procedure for each iterative step along the way. Each time you iteratively upgrade the device during a multi-step upgrade, you should perform the following tasks: • Back up the current device configuration. • Perform the current upgrade. • Reboot the device. • Restore the device configuration (software image upgrade, only). • Reboot the device (software image upgrade, only). • Synchronize the device and the EPICenter database. For information on synchronizing the device and the database, see Chapter 4. NOTE When the device reboots, the EPICenter server waits until the device reboot is complete and the device loads its configuration file. If the EPICenter server times out while the device is rebooting, it is possible that the device reboot time is longer than what the server will waits before timing out. Obtaining the Image and BootROM Versions Before you perform a multi-step upgrade, make sure that you have all of the required image and BootROM versions available on your EPICenter client machine. To get the image and BootROM versions, use the Live Update feature, as described in “Performing a Live Software Update” on page 183. Specifying the Image and BootROM Versions When you perform a multi-step upgrade, you must specify each file that you want the switch to use for each upgrade step using the file upgrade.properties. This file is located in <installdir>/extreme/upgrade.properties. The upgrade.properties file contains the following: # # # # # # # # # # # # # # 172 Extreme Networks EPICenter Config Manager - Multi-step Upgrade NOTE: Please read all documentation and release notes before proceeding The Upgrade feature in the Config Manager will use these values to determine the upgrade steps for devices - Each entry is, by default, commented out - Verify the filename is correct and is available EPICenter Software Installation and User Guide Upgrading Software Images # # # # # on the server for each device type. - Then uncomment the entry DO NOT DELETE ANY OF THE LINES, COMMENT OUT IF UNUSED #summit_inferno.boot.7.6 = ngboot76.bin #summit_inferno.6.1.9 = v619b27.xtr #summit_inferno.6.2.2 = v622b56.xtr #summit_inferno.boot.7.8 = ngboot78.bin #alpine_inferno.boot.7.6 = ngboot76.bin #alpine_inferno.6.1.9 = v619b27.xtr #alpine_inferno.6.2.2 = v622b56.xtr #alpine_inferno.boot.7.8 = ngboot78.bin #blackdiamond_inferno.boot.7.6 = ngboot76.bin #blackdiamond_inferno.6.1.9 = v619b27.xtr #blackdiamond_inferno.6.2.2 = v622b56.xtr #blackdiamond_inferno.boot.7.8 = ngboot78.bin By default, all values are commented out. You must uncomment each file that the switch will need in order to complete the multi-step upgrade. Upgrading Images on Devices To download a new ExtremeWare software image to an Extreme device, click the Upgrade button at the top of the window and select the Device tab. The Download Image on Device window appears, as shown in Figure 73. EPICenter Software Installation and User Guide 173 Configuration Manager Figure 73: Download Image on Device window To download a new software image to one or more Extreme Devices, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. The devices that belong to this group are displayed in the Device list. Click the Devices with Outdated Images checkbox to show only devices with images that differ from the image you specified in the Versions window. The entries in the Image, Standard Image, and Image Status columns let you determine which switches have outdated software images. — The Image shows the image currently running in the device. — The BootROM column shows the version of the BootROM running on the device. — The Standard Image information comes from the information you provide in the Versions window for devices of this type (see “Specifying the Current Software Versions”on page 182). If you have not specified a software version in the Versions window, this will be blank. — Image Status shows the status of the image compared to the version shown in the New Image Available column. A green check indicates that the version running in the device and the New Image Available version are the same. A red X indicates that the image running in the device differs from the New Image Available version. The status is also shown as a red X if the New Image Available column is blank. 2 From the Device list, select the devices you want to upgrade, then click the Add-> button. If you want to upgrade the images on all the displayed devices, click the Add All-> button. The devices you select will be moved to the Upgrade Image on Devices list. To remove devices from the Upgrade Image on Devices list, select the devices and click the <-Remove button. This moves the selected devices back to the Device list. Click <-Remove All to move all the devices in the Upgrade Image on Devices list back to the Device list. 174 EPICenter Software Installation and User Guide Upgrading Software Images 3 In the Download Options box, click the Image Download button to specify a software image upgrade. 4 Click Apply to start the software download to the selected devices. Click Reset to return the window to its initial state (removing all devices from the Upgrade Image on Devices list, removing all image selections, and so on). 5 If the images do not require a multi-step upgrade, the upgrade proceeds without any additional prompts. This is the original behavior. When finished, the device reboots according to the setting of the Reboot Options selection. 6 If a multi-step upgrade is recommended for the device, and you have not modified the file <installdir>/extreme/upgrade.properties, the Configuration Error dialog box is displayed, as shown in Figure 74. Figure 74: Configuration Error 7 After you have appropriately modified the upgrade.properties file, the Upgrade Warning dialog box is displayed, as shown in Figure 75. Figure 75: Upgrade Warning 8 To proceed with the multi-step upgrade, click Begin Multi-Step Upgrade. The Multi-Step Upgrade dialog box is displayed, as shown in Figure 76. EPICenter Software Installation and User Guide 175 Configuration Manager Figure 76: Multi-Step Upgrade The Multi-Step Upgrade table displays the action required to complete the upgrade: • N/A—No action is required (the device already meets the requirement). • Upgrade—This step will be performed during the current iteration. • Required—This step must be performed at a future iteration. The center section of the dialog box provides a written version of the required steps. If you do not want to use the multi-step upgrade procedure and, instead, want to force the system to perform a single-step upgrade from your current software image version to your desired software image version, click Skip Multi-Step Upgrade. Skipping the multi-step upgrade and upgrade directly to the specified version. WARNING! If you select Skip Multi-Step Upgrade, be sure that you fully understand all upgrade procedures. Skipping the multi-step upgrade procedure may cause an error on the device and can cause the upgrade to fail. 9 To begin the first part of the multi-step upgrade process, click Begin Upgrade. To print the table and written directions, click Print. To cancel the process, click Cancel. 10 Repeat this procedure for each part of the multi-step process, until you have completely updated your device(s). 11 When the upgrade process has completed, click Close to close the Download Image on Device window. After you upgrade the device(s), you should check each device configuration to be sure that the new image has been properly loaded. For more information on verifying the device, see the ExtremeWare Release Notes. 176 EPICenter Software Installation and User Guide Upgrading Software Images Rebooting Procedures for Multi-Step Upgrades During a multi-step upgrade, your Extreme devices are automatically rebooted for each intermediate upgrade process between the source image and the destination image. For example, if the multi-step upgrade includes two sets of upgrade events, the switch is automatically rebooted between upgrade one and upgrade two. If the multi-step upgrade includes three sets of events, the switch is automatically rebooted between upgrade one and upgrade two, and again between upgrade two and upgrade three. The “final” reboot of a multi-step procedure works identically to a standard, single upgrade of either the software image or BootROM. The switch is rebooted according to the option you select using the Reboot Options setting: • Do not reboot after download indicates the devices should not be rebooted. • Reboot immediately after download indicates the devices should be rebooted immediately after the download. This selection also provides an option to restore the saved configuration to the device. • Reboot after indicates the devices should be rebooted at a later time, and lets you specify the number of hours (up to 72) to wait before doing the reboot. Upgrading BootROM on Devices To download a new ExtremeWare BootROM to an Extreme device, click the Upgrade button at the top of the window and select the Device tab. The Download Image on Device window appears, as shown in Figure 77. Figure 77: Download Image on Device window EPICenter Software Installation and User Guide 177 Configuration Manager To upgrade the BootROM on a device, do the following: 1 In the Download Options box select the BootROM Download button to specify a BootROM upgrade. This displays the Selected BootROM Image field. 2 Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK. For more information about selecting BootROM images, see “Selecting Software Images” on page 181. 3 Indicate whether the devices should be rebooted: — Click Do not reboot after download to indicate the devices should not be rebooted. — Click Reboot immediately after download to indicate the devices should be rebooted immediately after the download. — Click Reboot after to indicate the devices should be rebooted at a later time, and enter the number of hours (up to 72) to wait before doing the reboot. 4 Click Apply to start the software download to the selected devices. Click Reset to return the window to its initial state (removing all devices from the Upgrade Image on Devices list, removing all image selections, and so on). 5 When the upgrade process has completed, click Close to close the Download Image on Device window. Upgrading Slot Images on Modular Devices To download a new ExtremeWare software or BootROM image to an Extreme module, click the Upgrade button at the top of the window and select the Device Slot tab. The Download Image on Device Slot window appears, as shown in Figure 78. 178 EPICenter Software Installation and User Guide Upgrading Software Images Figure 78: Download Image on Device Slot window To download a new software image to one or more slots in Extreme modular devices, do the following: 1 Select a device group or All Devices from the drop-down menu in the Device Group field. Regardless of the number of devices that are members of a device group, only Extreme modular devices are displayed in the Device list. The Slot list displays information about the slots in the selected modular device. — Slot shows the number of the slot in the device. — Type shows the type of module that is installed in the slot. If a module is not installed in the slot, the Type field shows the word Empty. — Image shows the ExtremeWare software version that is currently installed in the module, if applicable. — BootROM shows the BootROM image that is currently installed in the module, if applicable. NOTE If the Image and BootROM columns are empty, the module does not contain a special ExtremeWare software version or BootROM image and does not support a software download. 2 To upgrade modules, select a device from the Device list. A list of the modules installed in the device is displayed in the Slot list. From the Slot list, select the module you want to upgrade then click the Add-> button. If you want to upgrade the images on all of the displayed modules that support software, click the Add All-> button. EPICenter Software Installation and User Guide 179 Configuration Manager NOTE If you try to download an ExtremeWare software image or BootROM image on a module that does not support those images, you will receive an error message. The modules you select will be moved to the Upgrade Image on device slot list. To remove modules from the Upgrade Image on device slot list, select the module and click the <-Remove button. This moves the selected modules back to the Slot list. Click <-Remove All to move all of the modules in the Upgrade Image on device slot list back to the Slot list. 3 In the Download Options box, select the type of upgrade you want to perform: — Click the Image Download button to specify a software image upgrade. — Click the BootROM Download button to specify a BootROM upgrade. 4 For a software image upgrade, do the following: a To select the software image you want to download, click the Image Download button in the Download Options box. This displays the Selected Software Image field. Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK. For more information about selecting software images, see “Selecting Software Images” on page 181. NOTE Some Alpine modules and BlackDiamond modules require a special ExtremeWare software image that only runs on that particular module. If you try to download an incompatible image, you will receive an error message. b Select the download target in the Download To field: Current, Primary, or Secondary. 5 For a BootROM upgrade, click the BootROM Download button in the Download Options box. This displays the Selected BootROM Image field. Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK. For more information about selecting BootROM images, see “Selecting Software Images” on page 181. NOTE Some Alpine modules and BlackDiamond modules require a special BootROM image that only runs on that particular module. If you try to download an incompatible image, you will receive an error message. 6 Indicate whether the slots should be rebooted: — Click Do not reboot after download to indicate the slots should not be rebooted. — Click Reboot immediately after download to indicate the slots should be rebooted immediately after the download. 7 Click Apply to start the software download to the selected modules. Click Reset to return the window to its initial state (removing all modules from the Upgrade Image on device slot list, removing all image selections, and so on). 180 EPICenter Software Installation and User Guide Selecting Software Images 8 When the upgrade process has completed, click Close to close the Download Image on device slot window. Selecting Software Images EPICenter makes it easy for you to select and download ExtremeWare software images or BootROM images to devices or device slots in modular devices. To select ExtremeWare software images: 1 From the Download Image on window, select the appropriate tab to display the Device or Device Slot options. 2 Select the devices or device slots you want to update. 3 In the Download Options box, click the Image Download button. 4 Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK. The Select Software Image window displays the following information in a tabular format: • The Name column lists the name of the ExtremeWare software build. • The Version column lists the version of the ExtremeWare software. • The Description columns lists additional information about the software. For example, if the software is available for “i” series devices only, you may see a notation in the Description column. If you select a software image and click the Close button to exit the Select Software Image window, the software image is displayed in the Selected Software Image field. To select BootROM images: 1 From the Download Image on window, select the appropriate tab to display the Device or Device Slot options. 2 Select the devices or device slots you want to update. 3 In the Download Options box, click the BootROM Download button. 4 Click the Select Image... button to display the Select Software Image window. Select the software image you want to download from the Select Software Image window and click OK. The Select Software Image window displays the following information in a tabular format: • The Name column lists the name of the BootROM image. • The Version column lists the version of the BootROM image. • The Description columns lists additional information about the software. For example, if the software is available for Summit series devices only, you may see a notation in the Description column. If you select a BootROM image and click the Close button to exit the Select Software Image window, the BootROM image is displayed in the Selected BootROM Image field. EPICenter Software Installation and User Guide 181 Configuration Manager Specifying the Current Software Versions The Versions window lets you specify the current version of the ExtremeWare software for each type of Extreme Networks device, including: • Alpine • BlackDiamond non-”i” Series • BlackDiamond “i” Series • Summit non-”i” Series • Summit “i” Series • Summit E3 This information is used by the EPICenter software to determine whether an individual device is running the version you have specified as the “current version.” This is the version that appears in the New Image Available column in the Download Image on Device window. Click the Versions button at the top of the window to display the Configure Standard version window, as shown in Figure 79. Figure 79: Configure Standard version window To select a software version for a particular device type, type in the software version or click the Select button to display the Select Software Image window, as shown in Figure 80. 182 EPICenter Software Installation and User Guide Performing a Live Software Update Figure 80: Select Software Image window Highlight the version that you want to be standard on all of this device type across your network and click OK. For information on performing a live software update using the Live Update button, see “Performing a Live Software Update”. Performing a Live Software Update The Live Update Software Images window displays a list of available software and allows you to connect directly to Extreme Networks to download the most current ExtremeWare software images and BootROM images to your local EPICenter server. After you download the new images, you can use the images to upgrade your managed devices and modules. Before you can download the software images, you must have a current support contract as well as a user name and password to obtain access to the Extreme Networks server. Downloading the software or BootROM images from Extreme Networks does not automatically upgrade the devices with the new images. Depending on the software image you downloaded, the image is placed in one of the following directories: • Device images—<EPICenter_install_dir>\user\tftp\images (by default c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\images in the Windows operating environment) or /opt/extreme/epc4_1/user/tftp/images on a Solaris system EPICenter Software Installation and User Guide 183 Configuration Manager • Device BootROM images—<EPICenter_install_dir>\user\tftp\bootrom (by default c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\bootrom in the Windows operating environment) or /opt/extreme/epc4_1/user/tftp/bootrom on a Solaris system • Slot images—<EPICenter_install_dir>\user\tftp\slotImages (by default c:\program files\Extreme Networks\EPICenter 4.1\user\tftp\slotImages in the Windows operating environment) or /opt/extreme/epc4_1/user/tftp/slotimages on a Solaris system • Slot BootROM images—<EPICenter_install_dir>\user\tftp\slotBootRom (by default c:\program files\Extreme Networks\EPICenter 4_1\user\tftp\slotBootRom in the Windows operating environment) or /opt/extreme/epc4_1/user/tftp/slotbootrom on a Solaris system. Obtaining New Software Images To obtain a current software image, do the following: 1 Click the Update button at the top of the window to display the Live Update Software Images window, as shown in Figure 81. You can also access the Live Update Software Images window by clicking the Live Update button from the Select Software Image window, as described in the section, “Specifying the Current Software Versions”. Figure 81: Live Update Software Images window • The Type column lists whether the image is a version of ExtremeWare software or a version of BootROM software. • The Name column lists the name of the software build. • The Version column lists the version number of the software. • The Status column lists whether the software is a general availability software release. • The Present column lets you know if current versions of software are available on your local system in the following directories (where <tftp_root> is the location of your TFTP server): <tftp_root>/images, <tftp_root> bootrom, <tftp_root>SlotImages, or 184 EPICenter Software Installation and User Guide Performing a Live Software Update <tftp_root>/slotBootRom, or if the software is only available remotely, directly from Extreme Networks. If you see yes, the software is available from EPICenter, and you have the most current release of software. If you see no, the software is available from Extreme Networks, and you do not have the most current release of software. • The Description column provides a description of the software. For example, if the software is intended for a Summit device, you will see an explanation that tells you the software is for the Summit product line. Use the description information to determine the type of device or module the software is intended for. 2 Select the device or slot image you want to update. You can select more than one image. 3 Click OK to display the Login to Remote Server window, as shown in Figure 82. Figure 82: Login to Remote Server window 4 Enter your support user name in the User Name field and password in the Password field to access the Extreme Networks server. NOTE You must have a current support contract as well as a user name and password to obtain access to the Extreme Networks server 5 Click OK to log into the Extreme Networks server. A Messages From Server dialog box appears and displays the status of your request. Click OK to close the dialog box. 6 Click Cancel to close the window. EPICenter Software Installation and User Guide 185 Configuration Manager Configuring the TFTP Server If you already have a TFTP server installed on the system where the EPICenter server is running, you may choose to use that TFTP server instead of the one provided with EPICenter. This is the server that actually does the downloading and uploading from the devices. NOTE In EPICenter 4.1, the Configuration Manager can cause multiple devices to contact the TFTP server at once to perform upload or download operations. Some third party TFTP servers can have problems accepting multiple TFTP requests. If you are running a third party TFTP server and this happens, disable the TFTP server and use the EPICenter TFTP server. The Server function lets you enable or disable the embedded TFTP server, and specify an alternate path for the location of the server. Click the TFTP button at the top of the window to display the Configure TFTP Server window, as shown in Figure 83. Figure 83: Configure TFTP Server window By default, the embedded TFTP server is enabled. • Click the Disable EPICenter TFTP Server button to disable the server. • Click the Enable EPICenter TFTP Server button to enable the server. NOTE You cannot disable the server unless you provide a path to an alternate TFTP server. • To change the location of the TFTP server root, change the path in the Set TFTP Root field. By default, the TFTP server is installed in <epicenter_install_dir>\user\tftp where <epicenter_install_dir> is the directory where the EPICenter server is install. By default, the TFTP server is found in c:\program files\Extreme Networks\EPICenter 4.1\user\tftp in the Windows operating environment, or /opt/extreme/epc4_1/user/tftp on a Solaris system. EPICenter will create six subdirectories (baselines, bootrom, configs, images, slotImages, and slotBootRom) as children of the directory you specify as the TFTP server root. 186 EPICenter Software Installation and User Guide Finding Devices NOTE If you plan to use this TFTP server with other software, such as the ExtremeWare CLI or for any other purpose, be aware of possible differences in the expected locations of the TFTP server and other components such as ExtremeWare software images or configuration files. See the EPICenter Release Note and Quick Start Guide for information on any known issues. Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the Configuration Manager page. 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific device group, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field. You can use the wild card characters * or ? in your search criteria. * acts as a wildcard for an entire octet (0-255) ? is a wildcard for a single digit (0-9) — A device group. Select the device group from the drop-down menu in the device group field. If you do not specify a name or IP address in the Search field, all devices in the device group you select will be found. — A device type. Select the device type from the drop-down menu in the type field. If you do not specify a name or IP address in the Search field, all devices of the type you select will be found. 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the device group in which the device can be found, its name, IP address, and the type of device. 4 Double-click on a device in the results table to highlight the device in the Component Tree, or select a device in the results table and click Go To, to display the configuration information for that device. If you click Go To, the search window will close. 5 Click New Search to clear all search criteria. 6 Click Close to close the search window. Displaying Properties You can view the properties of a device group, device, slot, or port in the EPICenter database. This section describes how to view properties through the ExtremeView applet. EPICenter Software Installation and User Guide 187 Configuration Manager Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display. This displays a list of the current device groups and their descriptions. For more details about this display, see Chapter 4. You can also view properties for a specific device group. To view properties for a specific device group, right-click on a device group and select Properties from the pop-up menu. The Device Group Properties window appears, showing information about the selected group. This includes the group description, the number of devices in the group, and a list of the devices. For more details about this display, see Chapter 4. Device Properties To view properties for a device, right-click on a device in the Component Tree and select Properties from the pop-up menu that appears. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab The VLAN tab lists the VLANs configured on the device. The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. 188 EPICenter Software Installation and User Guide Displaying Properties The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device. EPICenter Software Installation and User Guide 189 Configuration Manager 190 EPICenter Software Installation and User Guide 7 Using the Interactive Telnet Application This chapter describes how to use the Interactive Telnet application for: • Configuring Extreme devices using Telnet and the ExtremeWare Command Line Interface (CLI) • Configuring third-party devices using interactive Telnet Overview of the Interactive Telnet Applet Users with Administrator or Manager access can view and modify configuration information for Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by EPICenter using Telnet and the ExtremeWare Command Line Interface (CLI). You can also use the interactive Telnet capability to view and modify configuration information for third-party devices being managed by EPICenter. The Telnet application provides two usage modes: • A Macro View, where you can set up CLI command macros, and run them on multiple switches in a single operation. You set a macro to run repeatedly, and can save them in the EPICenter database for future use. • An individual session mode, where you can open a session on an individual device, and execute commands just as you would from a standard Telnet interface. Using Telnet with Extreme Switches The Telnet applet allows the scripting and playback of groups of CLI commands (macros) to a selection of Extreme switches. You can also use this applet to run an interactive Telnet session on an individual switch, including third-party switches. Telnet macros are supported on 3Com SuperStack II model 1100, 3300, and 3900 switches. Select Telnet from the Navigation Toolbar to display the Telnet module. The Telnet Macro view for all of the devices known to EPICenter is displayed, as shown in Figure 84. EPICenter Software Installation and User Guide 191 Using the Interactive Telnet Application Figure 84: The Telnet applet, macro interface The Telnet Connections list displays the switches in all of the device groups, and shows the status of any macros that have run or are being run on the switch. If macros are not supported on an individual switch (true of third party switches and a few Extreme switches) the Macro Status will be “Macros not supported.” NOTE If a switch is not supported by the EPICenter interactive Telnet feature, it will not appear in the Telnet Connections list, or in the Component Tree in this applet. When a Telnet session is currently open on a switch, the switch name is highlighted in bold in the list of switches in the Component Tree. NOTE If a switch displayed in the Component Tree has an “S” in a red circle along with the name, that means that the switch is not responding to SNMP requests. However, the switch may still respond to HTTP or Telnet requests. Running ExtremeWare Command Macros The lower half of the Macro view page contains the macro command buffer. You can enter a series of ExtremeWare commands into this buffer, which will form a script that can be played to the set of switches you select in the Telnet Connections list. 192 EPICenter Software Installation and User Guide Using Telnet with Extreme Switches Figure 85 shows a command script entered into the buffer. Figure 85: The Telnet record and play buffer To create a macro for playback to a set of Extreme switches, follow these steps: 1 In the Telnet Connections list, select the set of switches where you want your command macro to run. The switches need not have a Telnet session already open—the macro play function will open a connection and log into the switch. 2 Enter a series of ExtremeWare commands into the macro buffer. There are three ways to enter commands into the macro buffer: — Type the commands directly into the buffer. — Cut or copy commands from another location, either elsewhere in the buffer or from an external document, and paste them into the buffer. Click the right mouse button anywhere in the macro buffer to display a pop-up edit menu which provides copy and paste functions. You can copy text from within the macro buffer using the copy function from the pop-up menu. From an external document, cut or copy text into the clipboard, then use the paste function from the pop-up edit menu. — Load a saved macro (see “Saving a Macro in the EPICenter Database” on page 195). The source of the commands in the macro buffer is indicated by the Macro Source: field at the top of the macro buffer panel. EPICenter Software Installation and User Guide 193 Using the Interactive Telnet Application There are four variables you can use in an ExtremeWare CLI command that will be expanded when the target switch is contacted. These are: Table 6: ExtremeView Macro Variables Variable Definition <NAME> The name of the switch <DATE> The current date of the EPICenter server <TIME> The current time of the EPICenter server <ADDRESS> The IP address of the switch For example, you can enter the command upload config 45.1.12.101 extreme/<NAME>.cfg and the macro substitutes the name of each switch on which it executes the macro. These variables can only be used in macros, not in an interactive Telnet session. NOTE Because macros are intended for unattended, batch-type use, you should not use interactive commands in a macro. They may cause the command to run in a loop. 3 To set the macro so that it plays back repeatedly at a specified interval, click the Repeat button to display the Macro Repeat pop-up window. a Check the Repeating check-box. b Enter an interval (in seconds) in the Repeat Delay (sec) field. c Click OK. 4 Click Play to initiate playback of the macro on the selected switches. This opens a connection to the switch, logs in using the switch login and password as specified in the Inventory Manager, and runs the macro. If the macro is a repeating macro, it will repeat sequentially on all selected switches until you click Stop. You can execute just a portion of a macro by highlighting just the portion of the macro that you want to execute. Only the selected portion will execute when you initiate the playback. This will not affect saving the macro—the entire macro will be saved even if only a portion is highlighted. The Macro Status column in the Telnet Connections table indicates the status of the macro as execution progresses on the selected switches. The states are: — Pending—The macro is intended to run on this switch, but has not yet started. This macro is used only used when playing macros repeatedly. — Playing—The macro is currently running. — Stopped—The macro was stopped before it completed. — Complete—The macro has completed running. — Macros Not Supported—Macros cannot be run on this device (may appear if you select a non-Extreme device or the Summit Px1 or Summit 24e2T/X devices). — Failed—A failure occurred when the macro was run. This is frequently due to an inability to connect to the switch. 194 EPICenter Software Installation and User Guide Using Telnet with Extreme Switches CAUTION Macro play will be automatically stopped if you exit the Telnet applet (by selecting another applet or logging out) while a macro is running. There are two ways to view the results of the last macro execution on a particular switch: • You can select the switch in the Telnet Connections list, and click the View button at the top of the screen. The View window displays the command output. Click OK to close the window. Or • You can view the Telnet log file, found in the user\Telnet subdirectory in the EPICenter root install directory. Log files are created for each switch that runs the macro, and the files are saved according to the switch IP address. The log files display the command output for the last macro played. Saving a Macro in the EPICenter Database To save a macro you have defined, click the Save button. This displays the Macro Save pop-up window (see Figure 86). Figure 86: Saving a macro to the database Enter a name for the macro, an optional description, and click OK. All current contents of the macro buffer will be saved in the database under the name you specify. Selecting a portion of the macro (to playback only part of the macro) does not affect the save function. To load a saved macro, click the Load button. This displays the Load Macro pop-up window (see Figure 87). Figure 87: Loading a macro from the database The pop-up window displays the names and descriptions of all saved macros, as well as the owner (EPICenter user) who created the macro, and the time at which it was last saved. Select the macro you want to load and click Load. You can select only one macro to load at a time. EPICenter Software Installation and User Guide 195 Using the Interactive Telnet Application The contents of the saved macro will replace any previous contents in the macro buffer. You can delete a saved macro by clicking the Delete button. A pop-up window similar to the Load Macro window appears. Select one or more macros to delete, then click Delete. You will be asked to confirm the deletion. Examples of ExtremeWare Command Macros EPICenter supports the use some interactive ExtremeWare commands, such as create, configure, and save, as well as commands that may require you to press the space bar to continue or [Q] to quit. For interactive commands used in a command macro, you need to supply the response to the command in a separate line. The following examples illustrate usage of these commands. • To create a user account with the name “joesmith” and a password of “2joe3,” enter the following commands: create account user joesmith 2joe3 2joe3 NOTE If you type a command that requires a password, you need to enter the password twice. In a command macro, unlike an interactive Telnet session, the first “password” sets the password, and the second “password” confirms the password. • To use the save command to save a configuration to the switch, enter the following commands: save yes • To delete a user-defined STPD domain (stpd2) from the switch, enter the following commands: delete stpd2 yes • To reboot the switch, enter the following commands: reboot yes Running a Telnet Session on an Individual Switch You can open a Telnet session on an individual switch by selecting the switch from the Telnet switch list in the Component Tree. This opens a Telnet session to the selected switch, and then waits for command input, just as with any other Telnet session. EPICenter allows only five Telnet sessions to be open concurrently. Therefore, if you select more than five switches, EPICenter will open five connections, then close the oldest (the first connection) in order to open a connection on the sixth switch, and so on. Open telnet sessions are indicated by displaying the switch name in bold in the Component Tree. Any open Telnet sessions will be closed when you leave the Telnet applet to view a different EPICenter applet. 196 EPICenter Software Installation and User Guide Using Telnet with Extreme Switches Figure 88: A newly-opened Telnet session Devices with open Telnet sessions The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey. The last 25 lines of Telnet commands and responses always appear in the white portion of the window. As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output. The Telnet session window will display the commands and results from macros that are run on the switch. You can also type in commands individually. Copy/Paste from an Interactive Telnet Session A copy and paste function is available within an interactive Telnet session. Copy and paste let you copy from one interactive Telnet session into another interactive session or into the macro buffer. You can also paste commands from an external document into an interactive Telnet session. The copy and paste commands reside on a pop-up menu that you can display using the right mouse button, as shown in Figure 89). EPICenter Software Installation and User Guide 197 Using the Interactive Telnet Application Figure 89: An open Telnet session showing the pop-up edit menu • To copy from an interactive session, highlight the lines you want to copy, click the right mouse button and select Copy from the pop-up menu. • To paste into an interactive Telnet session or into the macro buffer, place the cursor where you want the lines inserted, click the right mouse button and select Paste from the pop-up menu. NOTE You cannot use the browser cut and paste functions for this purpose. Macro Recording and Playback from an Interactive Telnet Session The record function creates a macro by echoing commands that you type in an interactive Telnet session, into the Macro Record/Play Buffer. The record function is controlled by commands from a pop-up menu displayed by using the right mouse button, as shown in Figure 89. • To start recording a macro, click the right mouse button and select Start Record from the pop-up menu. Everything you type after this is copied into the macro Record/Play Buffer until you select Stop Record from the pop-up menu. • To stop recording a macro, click the right mouse button and select Stop Record from the pop-up menu. The commands that are part of the macro are automatically entered into the macro command buffer. • To play the macro on one or more switches, select the Device Groups component or the name of a device group in the Component tree, and play back the macro in the main Telnet page as discussed in the section “Running ExtremeWare Command Macros,” on page 192. 198 EPICenter Software Installation and User Guide Using Interactive Telnet with Third-Party Devices Using Interactive Telnet with Third-Party Devices You can open an interactive Telnet session on a third-party device and execute commands interactively. Select the switch from the Telnet device list in the Component Tree. This opens a Telnet session to the selected switch, and waits for input as appropriate to the device’s telnet interface. Unlike Telnet to an Extreme Networks switch, it does not log you in to the device. You must log in as required for the device. You can enter and execute commands using the device’s command line interface. The commands and any resulting output will be displayed in the session window just as if you were running a Telnet session on any other client. The Telnet session window is a two-tone window—the bottom of the window is white, the top is grey. The last 25 lines of Telnet commands and responses always appear in the white portion of the window. As output grows, the older lines scroll up into the grey portion of the screen. This makes it easy to tell whether you are viewing the most recent Telnet output. To close the Telnet session, type the appropriate exit command on the command line. The session will be closed automatically when you exit the Telnet applet. Viewing Device Information from Pop-up Menus You can select a device group or a device in the Component Tree, then right-click to display a pop-up menu that contains the Properties command. The Properties command displays the attributes for a specific device group or device. The device pop-up menu also contains the Alarms, Browse, EView, Statistics, Sync, and VLANs commands. All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed. Properties The Properties function lets you view the attributes for a device group or a device. To view the Properties display for all device groups: • Right-click on the Device Groups component, then select Properties from the pop-up menu that appears The Device Groups Properties window appears and displays the number of device groups and the names of the device groups that are known to EPICenter. To view the Properties display for a selected device group: • Right-click on the device group, then select Properties from the pop-up menu that appears The Device Group Properties window appears and displays the attributes for the selected device group. To view the Properties display for a selected device: • Right-click on the device, then select Properties from the pop-up menu that appears The Device Properties window appears and displays the attributes for the selected device. See “Displaying Properties” on page 202 for details on using this feature. EPICenter Software Installation and User Guide 199 Using the Interactive Telnet Application Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5 for details on using this feature. Browse The Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new web browser window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10 for details on using this feature. Statistics The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Device from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device. See Chapter 11 for details on using this feature. 200 EPICenter Software Installation and User Guide Finding Devices Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database. See Chapter 13 for details on using this feature. Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the Telnet applet page. 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific domain, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field. You can use the wild card characters * or ? in your search criteria. * acts as a wildcard for an entire octet (0-255) ? is a wildcard for a single digit (0-9) — A device group. Select the device group from the drop-down menu in the device group field. If you do not specify a name or IP address in the Search field, all devices in the device group you select will be found. — A device type. Select the device type from the drop-down menu in the type field. If you do not specify a name or IP address in the Search field, all devices of the type you select will be found. EPICenter Software Installation and User Guide 201 Using the Interactive Telnet Application 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the domain in which the device can be found, its name, IP address, and the type of device. 4 Double-click on a device in the results table to highlight the device in the Component Tree, or select a device in the results table and click OK, to initiate a telnet session on the device (see “Running a Telnet Session on an Individual Switch” on page 196). If you click Go To, the search window will close. 5 Click New Search to clear all search criteria. 6 Click Close to close the search window. Displaying Properties You can view the properties of a device group or a device in the EPICenter database. This section describes how to view the device group properties and the device properties. Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display. This displays a list of the current device groups and their descriptions. For more details about this display, see Chapter 4. You can also view properties for a specific device group. To view properties for a specific device group, right-click on a device group and select Properties from the pop-up menu. The Device Group Properties window appears, showing information about the selected group. This includes the group description, the number of devices in the group, and a list of the devices. For more details about this display, see Chapter 4. Device Properties To view properties for a device, right-click on a device in the Component Tree and select Properties from the pop-up menu that appears. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. 202 EPICenter Software Installation and User Guide Displaying Properties The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab The VLAN tab lists the VLANs configured on the device. The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device. For more details about the Device Properties window, see Chapter 4. EPICenter Software Installation and User Guide 203 Using the Interactive Telnet Application 204 EPICenter Software Installation and User Guide 8 The Grouping Manager This chapter describes how to use the Grouping Manager to do the following: • Create new groups • Create new user or host resources • Add resources or groups to a parent group • Define relationships between resources • Add attributes to a resource or a group • Search for resources • Import users and hosts from Windows Domain Controller, NIS, an LDAP directory, or a file Overview of the Grouping Manager The Grouping Manager allows you to collect network “resources” (devices, ports, users, hosts, and VLANs) into groups that can be manipulated or managed as a single entity. A group is a hierarchical collection of resources that have been grouped together for some common purpose. A group can contain individual resources as well as other (subordinate) groups. Groups (except for Device Groups) are not exclusive—a resource can be a member (child) of more than one group. Resources are individual elements in your network, such as a device, port, host (end station), user, or VLAN. Device, port, and VLAN resources are defined externally to the Grouping Manager, through the EPICenter discovery capability and the Inventory and VLAN applets. User and Host resources are defined within the Grouping module, either by importing the information from an external source (such as an LDAP directory, NT Domain Controller, NIS server, or a file) or by creating the resources within the grouping module. A group can also be considered a “resource” when it is used as an entity in the same way as an individual resource would be used—such as in a Policy definition within the EPICenter Policy Manager, an optional, separately-licensed product. With the exception of Device Groups and Port Groups, the group and resource definitions you create through the Grouping applet are primarily useful within the Policy Manager. For more information on how groups are used within that application, see the EPICenter Policy Manager Software User Guide. EPICenter Software Installation and User Guide 205 The Grouping Manager You can define groups and add resources to them to create an organizational structure that facilitates managing your network. The EPICenter software provides several predefined groups: • Custom Applications • Device Groups • Hosts • Import Sources • Port Groups • Users You can define your own groups at the same hierarchical level as the predefined groups, or as subordinate groups (children) of an existing group. You can assign resources to your own user-defined groups and to the predefined groups, with the exception of Device Groups and Import Sources. The Device group always has the child group named “Default”. It may or may not have additional members depending on whether devices have been added to the device groups in Inventory. You cannot directly add members to Device Groups using the Grouping Manager. This must be done in Inventory. Four of the predefined groups—Custom Applications, Hosts, Port Groups, and Users—initially have no members. Although the latter three groups are provided to help you organize your host, user, and port resources, they can contain children of any resource type. A Custom Applications group can only contain port resources. You can create new groups as members of these groups, or add resources of any type directly to them. The Custom Applications group cannot have hierarchical children. • Custom Applications may be used to group various L4 resources without requiring ports in the group to be contiguous or of uniform type. For instance, you can mix UDP and TCP ports in one group. You can also have sets of contiguous and single ports in the same group. • Port Groups may be used by the Real Time Statistics applet and the IP/MAC Address Finder applet. However, these applets do not support hierarchical groups—if you have subordinate groups within a port group, the subordinate layers are all collapsed into a single layer. Resources of types other than ports are ignored by these applets. Port Groups, along with all the other types of groups and resources, may also be used by the optional Policy Manager module. • The Hosts and Users groups (either the predefined groups or subordinate groups) may be used by the optional Policy Manager. This is also true of all user-defined groups. No other EPICenter applets currently support groups of these types. In a group that contains resources of different types, the Policy Manager will ignore those resources that are not relevant to the purpose for which the group has been selected. The other two predefined groups, the Device Groups group and the Import Sources group, are restricted in the way they can be used. Device Groups. The “Device Groups” group contains the device groups and devices known to the EPICenter inventory database. Device groups are created within the EPICenter Inventory Manager applet, and devices are added or discovered, and are assigned to device groups, within that applet. All port resources are also defined in association with the devices known to the Inventory Manager. • You cannot add resources to or remove resources from the Device Groups group through the Grouping Manager. 206 EPICenter Software Installation and User Guide Displaying EPICenter Groups and Resources • You can add resources that are children of Device Groups group—device groups, devices, and ports—as members (children) of other groups. • There is always a device group named “Default”. Import Sources. The Import Sources group is used to contain resources imported from an external source, such as a file, NT Domain Controller, or LDAP directory. When you perform an import operation, the Grouping Manager creates a new group under the Import Sources group, and puts all the imported resources under that group. • You cannot add groups or individual resources as children of the Import Sources group except by using the Import function. • You cannot remove any of the members (including sub-groups) of an imported group. The imported group can only be deleted in its entirety, using the Destroy function. • You can add resources that are children of an Import Sources group as members (children) of other groups. Resource Attributes Attributes are name and value pairs that you can use for a variety of purposes. You can associate attributes with both groups and individual resources, including resources that are members of the Device Groups and Import Sources groups. Some predefined resources, such as devices and imported resources, may also have predefined attributes. For example, device resources have their IP address as an attribute. Imported resources may bring with them sets of attributes determined by the content and configuration of the import source. Certain attributes, such as IP/subnet address. L4 and Netlogin ID are used by the optional Policy Manager applet to allow it to map between high-level named resources, such as Users, and the information required to generate a QoS policy (IP address and port information). You can also define attributes of your own, and then use them as search criteria when you want to find sets of resources with common attributes. Relationships between Resources The Grouping Manager also supports “relationships” between User, Host, and Port resources. These relationships are used by the optional Policy Manager applet, and help the Policy Manager generate specific QoS rules that it derives from high-level policy specifications that are given in terms of named objects such as users or hosts. See the EPICenter Policy Manager Software User Guide for details. Displaying EPICenter Groups and Resources When you click the Groups button in the Navigation toolbar, the main Grouping Manager window is displayed, showing Resource Details for the root-level group. Figure 90 shows the Grouping Manager window with a number of the groups expanded to show their children. EPICenter Software Installation and User Guide 207 The Grouping Manager Figure 90: Resource Details view Groups Children Device Resources Tab to display Children or Relationships Tab to display Attributes The Component Tree on the left shows the currently-defined resources. Initially, this shows only the root-level group named “Groups.” Click on the plus sign to the left of a resource to display the children of that resource. Children can be individual resources (devices, hosts, users, or ports) or groups. The icons indicate the type of resource: indicates a general-purpose group. indicates a custom application. indicates a device group. indicates a host resource. indicates a user resource. indicates a VLAN resource. Devices, slots, and ports are indicated by icons that vary based on the specific device model and port type. The icons are the same as are used in the Component Tree of the Inventory module and other EPICenter modules. Although slots appear in the Component Tree, they are not true resources, and cannot be children of groups within the Grouping Manager. VLANs may appear as children in the Component Tree. However, unlike devices and Device Groups, VLANs will appear in this list only after they have been specifically added as children of a group. VLANs known to EPICenter but not used as children of a group will not appear in this list. 208 EPICenter Software Installation and User Guide Displaying EPICenter Groups and Resources Resource Details The Resource Details display in the main panel shows the following information for the group (or resource) that is selected in the Component Tree on the left: • Name—The name of the Resource. For ports, the name of the port is the Device name followed by the port number. For example, S1 3 is the name of port 3 on the device named S1. • Description—A description of the resource (optional for user-defined resources). — For Device Groups, this is the description entered for the group in the Inventory Manager. — For devices, this is the device description (sysDescr variable) if present in the agent. — For ports, this is the interface description ( ifDescr variable) if present in the agent. — For VLANs, this contains the protocol and tag information. • Type—The type of resource (Group, Device, Host, Port, User, VLAN). Note that if you select a slot under a chassis device in the tree, the Resource Details window displays it as a “Slot” resource. However, a slot is not a true resource in that it cannot be added as a child of a group— its ports can be used as resources, but the slot as an entity cannot. • Source—The origin of the resource. The source determines what actions are allowed relative to the resource, this can be one of the following: — EPICenter indicates that the resource was defined by the EPICenter software: either by the Grouping Manager in the case of the predefined groups, or by another EPICenter applet in the case of device group, device, port, or VLAN resources. You cannot modify these resources or their children (if they are groups) through the Grouping Applet. — Manual indicates that this is a user-defined resource, created within the grouping applet using the New button. These resources can be deleted from the Grouping Manager using the Destroy function. The exception is the three predefined groups, Hosts, Users, and Port Groups, which are considered Manual resources but cannot be destroyed. If the user-defined resource is a group, you can add and remove children as desired. — Imported resources are assigned a source name as part of the Import process. See “Importing Resources,” on page 225 for more information. User-defined (Manual) resources can be deleted using the Destroy function. System-defined (EPICenter) and imported resources cannot be deleted, although they can be removed as children of other groups to which you have added them. See “Deleting Resources,” on page 213 for more information on deleting resources, and “Removing A Child Resource from a Group,” on page 216 for more information on removing resources from groups. • Unique Name—A name that uniquely defines this resource within the Source scope. For user-defined resources (Source is Manual) this will always be blank. — For pre-defined resources, the Unique Name is the same as the Resource Name. — For device resources, the Unique Name is the device IP address. — For port resources, the Unique Name is the IP address of the device followed by the port number. For ports on a chassis device, the port number combines the slot number and the port number. — For resources imported from a file or LDAP directory, the Unique Name is specified in the input process, and may be different from the Resource Name. Below these fields there are two tabbed pages whose contents depends on the type of resource being displayed. EPICenter Software Installation and User Guide 209 The Grouping Manager • For Groups, you can view a list of Children of the group. This lists the resources (individual resources or subordinate groups) associated with the selected group. For each child, the list includes the resource name, its type, and its source. • For User, Port and Host resources, you can view a list of Relationships for the resource. This displays a list of other resources related to the selected resource. • For all types, you can view a list of the Attributes associated with the resource. The exception is the top level (root) node, “Groups,” which has no attributes. Resource Filtering The field at the top of the Component Tree provides a drop-down menu from which you can select a filter to apply to the Component Tree display. This filter controls the types of resources that are displayed as subcomponents of the groups in the tree. This feature is useful when you have a large number of resources of various types, and lets you limit the display to resources of a specific type in which you are interested. Groups are always displayed. The following filter choices determine the types of individual resources that will be displayed within the groups: • All allows resource children of all types to be displayed. • Devices shows only the Device resources within the groups. • Hosts shows only Host resources within the groups. • Ports shows only Device and Port resources within the groups. • Users shows only User resources within the groups. • VLANs shows only VLAN resources within the groups. Grouping Manager Functions The buttons in the navigation bar at the top of the page provide the following functions: • New lets you create a new Group, User, or Host resource. • Destroy lets you delete a user-defined resource. This completely eliminates the resource from the EPICenter database, as well as removing it from all groups of which it was a member. This is not the same as removing a resource from an individual group. You cannot destroy system-defined resources or individual imported resources. You can only destroy imported resources by destroying the entire Import Source group. • Import lets you import resources from an external source such as an NT Domain Controller, LDAP database, or a specially-formatted text file. • Find lets you find a resource based on a set of search criteria that can include a resource name, description, type, source, or attribute value. • Help displays on-line help for the Grouping Manager and the Resource Details display. These functions are described in detail in the following sections. 210 EPICenter Software Installation and User Guide Creating a New Resource Creating a New Resource You can create new groups and add new User and Host resources through the New Resource function. You can also associate attributes with the resource during this process. This function creates a new resource. To add an existing resource to an existing group, see “Adding a Resource as a Child of a Group,” on page 213. NOTE You cannot add resources of any type to the Device Groups or Import Sources groups, or any subgroups within those groups. To add a new resource, do the following: 1 In the Component Tree, select the Group to which you want the resource added. To add a new group at the highest level, select the root “Groups” node. The new resource will be added as a child of the group you select. If you plan to add User or Host resources, it is suggested that you add these initially to the User or Host groups, or to another group you have created, rather than to the root-level group. Once you’ve created a resource, you can add it as a child of other groups. For example, a User resource “Fred” can be a member of both the group “Marketing” and the group “Chicago.” 2 Click the New button at the top of the Grouping Manager window. The Add a New Resource to Group window, as shown in Figure 91, is displayed. Figure 91: Adding a new resource 3 Enter identifying information in the fields at the top of the dialog: — Resource Name—A name for the resource. The name can include any characters except a colon. — Resource Type—For all groups except Custom Applications, select a type (Group, User, or Host) from the drop-down menu. If you are creating this resource as a member of the Custom Applications group, the type defaults to Application and may not be changed. If you are creating this resource as a member of the Hosts group, the type defaults to Host. If you are creating it as a EPICenter Software Installation and User Guide 211 The Grouping Manager member of the Users group, the type defaults to User. Otherwise, the type is set to Group by default. For groups other than Custom Applications, you can change the group type. — Resource Description—an optional description of the resource 4 Define any attributes that you want to associate with this resource. Attributes are name-value pairs that can be used as search criteria, and are used by the EPICenter Policy Manager. For a more detailed explanation of attributes, see “Adding and Removing Attributes,” on page 219. a Enter the name of the attribute in the Name field. b Select an attribute type from the drop-down list in the Type field: Generic—Any attribute not specified as one of the other two types. The value is a string. You can use this attribute to classify your resources in any way you want, for search purposes. IP/Subnet—This attribute specifies an IP address and subnet mask. For Host or User resources, this attribute may be used by the Policy Manager. Netlogin ID—This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is imported from an external source such as an NT Domain Controller or NIS that contains user and host information. For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If Netlogin is enabled on the switches in your network, attribute and relationship information (mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs, will be maintained automatically. L4—This attribute is used only for Custom Applications. It is the only Type that is allowed for this kind of group. c Enter a value for the attribute: For a Generic attribute, enter a string. For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as appropriate. For a Netlogin ID, enter a string. In order to be recognized correctly by the Netlogin in Extreme switches, this should be the user name (login name) or host name as known within the network. For L4, enter a valid UDP or TCP port or range of ports using the format [UDP|TCP]/[<portNum>|<minPortNum-maxPortNum>]. The first section of the format requires you to specify UDP or TCP. The second part allows you to specify either a single valid port of the type chosen, or a range of ports separated by a dash. For example, the following are valid entries: UDP/234 and TCP/23-45. d To add this attribute to the list of attributes associated with this resource, click the Add Attribute to Resource button . e To remove an attribute from the list of attributes, select the attribute in the list and click the Remove Attribute from Resource button . 5 When you have finished entering attributes, click the OK button to save your new resource definition. To close this dialog without saving the resource definition, click the Cancel button. 212 EPICenter Software Installation and User Guide Deleting Resources Deleting Resources The Destroy button in the Grouping Manager toolbar lets you delete user-defined resources from the EPICenter database. The destroy function removes the resource from the database entirely, removing it from all groups where it exists as a child. NOTE You can only destroy resources whose source is “Manual” (except for the predefined groups) and the root groups of imported resources. You cannot destroy the predefined groups, system-defined resources (devices, device groups, or ports) whose source is EPICenter, or individual imported resources (where the source is a file, LDAP database etc.). If you select a resource you cannot delete, the Destroy button will not be available. To delete a user-defined resource do the following: 1 Select the resource in the Component Tree. 2 Click the Destroy button on the toolbar. A confirmation dialog will be displayed. Click OK to confirm that you want to delete this resource. If you delete a group, any orphaned children of the group (resources that are not members of any other group) are also deleted. If you delete a Host or User, all relationships to other resources are also deleted. To remove a resource as a child of a group, use the Remove function, see “Removing A Child Resource from a Group,” on page 216. This just removes the parent-child relationship with the group, but does not delete the resource from the database. Adding a Resource as a Child of a Group NOTE You cannot add Resources as a Child of a Group for Custom Applications. A group’s children are individual resources or subordinate groups that will be manipulated or managed together. A resource is placed into a group as it is created— either the root-level group, or the group that was selected when it was created. However, because a resource can be a member of multiple groups, you may wish to add an existing resource to an additional group, or move it to a different group. To add a resource to a group, you select the resource from a list of the resources that are currently defined in the EPICenter database. You can add individual resources as children of a group, or you can add groups as children. You cannot add an ancestor group as a child of one of its subordinate groups. You cannot have subordinate groups of Applications below the Custom Applications group. When you add a group as a child of another group, all members of the sub-group (its children) are considered members of the higher level (ancestor) group. As membership in the sub-group changes, so does the membership in the higher level (ancestor) group. This can have important effects when a group is used by another EPICenter module. For example, suppose you create group “A” that contains EPICenter Software Installation and User Guide 213 The Grouping Manager two groups of hosts “HostsA” and “HostsB”, and then use group A in defining access list policies through the Policy Manager. The Policy Manager will generate access list rules for traffic related to all the hosts in groups HostsA and HostsB. If you subsequently change the membership of HostsB, and auto-configuration of policies is enabled in the Policy Manager, the QoS rules that define the access lists will automatically be recomputed and reconfigured. (See the EPICenter Policy Manager Software User Guide for more information on this optional module). Adding resources to a group as individuals is a more static relationship—resources remain as children until they are explicitly removed from the group (or deleted from the EPICenter database). To add a resource or group of resources to a higher-level group, do the following: 1 In the Component Tree, select the group to which you want to add the resource, so that the group’s information is displayed in the Resource Details view. 2 Click the tab labeled Children to display the list of children belonging to this group. 3 Click the Add button at the bottom of the list of Children to display the Add Resources to Group pop-up dialog, as shown in Figure 92. Figure 92: Adding Resources to a Group This window has two parts: — A display of the resources in the EPICenter database that are available to be added to the group. — A list of the resources you have selected to add. 4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel. The Select Resources to be Added panel is split into two parts: — The Component Tree in the left half of the panel displays the groups that contain resources of interest. It may include devices if you have filtering set to display port resources. The drop-down menu field at the top of the Component Tree lets you select a filter to apply to the resource display. This filter controls the types of resources that are displayed as subcomponents of the groups in the tree. 214 EPICenter Software Installation and User Guide Adding a Resource as a Child of a Group Groups are always displayed. The following filter choices determine the types of individual resources that will be displayed within the groups: Show All allows resource children of all types to be displayed. Show Devices shows only Device resources within the groups. Show Hosts shows only Host resources within the groups. Show Ports shows only Device and Port resources within the groups. Show Users shows only User resources within the groups. Show VLANs shows only VLAN resources within the groups. — The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree. 5 Select one or more resources from the list of individual resources, or select a resource group or device from the left-hand list. 6 Click the Add button to add your selections to the Resource Results list. You can select a group in the Component Tree or one or more groups or individual resources from the resource list. Click the Add All button Resource Results list. to add all the individual resources in the right-hand list to the NOTE There is an important difference between adding individual resources as children of a group, and adding a group as a child of another group. Adding a group to the results list does not have the same effect as selecting the group in the Component Tree, and then adding its children using the Add All button. When you add a group as a child of another group, all members of the subgroup (its children) are considered members of the higher level (ancestor) group. As membership in a subgroup changes, so does the membership in the higher level (ancestor) group. Resources added individually, on the other hand, remain as children until they are explicitly removed from the group (or deleted from the EPICenter database). To search for a resource using the Query function, click the Find button. You can add the results of your query directly into your Resource Results list by selecting the resources you want to add and clicking the Add button at the bottom of the Query window. See “Searching for a Resource,” on page 221 for more information on the Find function. 7 You can remove resources from the Resource Results list if you change your mind about your selections. Select one or more resources in the Resource Results list, and click the Remove button to remove the selected resources, and return them to the Resources to be Added list. Click the Remove All button to clear the Resource Results list. 8 Click OK to add the resources in the Resource Results list to the list of children for this resource, or Cancel to cancel the Add function. EPICenter Software Installation and User Guide 215 The Grouping Manager 9 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes. However, you can add and remove children and attributes to the group you have selected in multiple operations before you save. Click the Cancel button at the bottom of the window to cancel the changes you have made to this group. Removing A Child Resource from a Group If you have added a resource as a child of a group, you can remove the resource from that group using the Remove function. This removes the parent-child relationship between the resource and the group. This does not remove the resource from the EPICenter database, unless it is a user-defined resource and this is the only instance of the resource. (Removing all instances of a resource is the equivalent of destroying the resource.) To remove a resource from a group, do the following: 1 Select the parent group in the Component Tree to display the group in the Resource Details window. 2 Select the Children tab to display the resources that are children of the group. 3 Select the resource you want to remove. 4 Click the Remove button at the bottom of the window. 5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes. However, you can add and remove children and attributes to the group you have selected in multiple operations before you save. Click the Cancel button at the bottom of the window to cancel the changes you have made to this group. Note that you can also remove resources by locating them using the Find function, and removing them using the search results list. See “Searching for a Resource” on page 221 for more information on the Find function. Removing a resource from all groups of which it is a member is the equivalent of destroying the resource. Adding Relationships to a Resource Individual resources cannot have children. However, certain types of resources (Hosts, Users, or Ports) can have relationships. Devices cannot have either relationships or children. For example, a Host may have a relationship with a User, which indicates that the User is associated with the IP address of that Host. A Host may also have a relationship with a port, indicating that the host communicates over that port. 216 EPICenter Software Installation and User Guide Adding Relationships to a Resource These relationships may be used by the Policy Manager applet to create low-level QoS policy rules based on named higher-level objects such as users and hosts. Relationships can be created between the following: • Hosts and Users • Hosts and Ports • Users and Ports These relationships are always reciprocal: when you create a relationship between two resources, it is added simultaneously to both resources. 1 In the Component Tree, select the resource to which you want to add a relationship, so that it is displayed in the Resource Details view. 2 Click the tab labeled Relationships to display the list of children belonging to this group. 3 Click the Add button at the bottom of the list of Children to display the Add Relationship to Group pop-up dialog, as shown in Figure 93. Figure 93: Adding Relationships to a Resource This window has two parts: — A display of the resources in the EPICenter database that are eligible to be used in a relationship. — A list of the relationships you’ve selected to add to the resource. 4 Select a resource from one of the lists in the Select Resources to be Added panel at the left hand side of the dialog window. You can make your selection from either side of the panel. The Select Resources to be Added panel is split into two parts: — The Component Tree in the left half of the panel displays the groups that contain resources of interest. The drop-down menu field at the top of the Component Tree lets you select a filter to apply to the resource display. You can filter the resources that will be presented as children of the groups in the tree. EPICenter Software Installation and User Guide 217 The Grouping Manager Show All allows resource children of all types to be displayed. Show Devices shows only Device resources. (However, devices cannot be used in relationships, so nothing is displayed if you select this filter.) Show Hosts shows only Host resources. Show Ports shows only Device and Port resources. Show Users shows only User resources. Show VLANs shows only VLAN resources. (However, VLAN resources cannot be used in relationships, so nothing is displayed if you select this filter.) — The resource list in the right half of the panel displays the resources available within the group you have selected in the Component Tree. It will display only the types of resources that are eligible to have relationships (host, users, and ports). 5 Select one or more resources in the list, and click the Add button to add your selections to the Resource Results list. You can select a group in the Component Tree or one or more groups or individual resources from the resource list. Click the Add All button Resource Results list. to add all the individual resources in the right-hand list to the To search for a resource using the Search function, click the Find button. You can add the results of your query directly into your Resource Results list by selecting the resources you want to add and clicking the Add button at the bottom of the Search window. See “Searching for a Resource,” on page 221 for more information on the Find function. 6 You can remove resources from the Resource Results list if you change your mind about your selections. Select one or more resources in the Resource Results list, and click the Remove button to remove the selected resources, and return them to the Resources to be Added list. Click the Remove All button to clear the Resource Results list. 7 Click OK to add the resources in the Resource Results list to the list of relationships for this resource. 8 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you have selected before you save. Click the Cancel button at the bottom of the window to cancel the changes you have made to this group. Removing Relationships from a Resource To remove a relationship between two resources (Hosts, Users, or Ports) do the following: 1 In the Component Tree, select one of the resources that is involved in the relationship, so that the resource is displayed in the Resource Details window. 2 Select the Relationship tab to display the relationships for the resource. 3 Select the relationship you want to remove. 218 EPICenter Software Installation and User Guide Adding and Removing Attributes 4 Click the Remove button at the bottom of the window. The relationship will be removed both from the resource you are viewing, and from the other resource involved in the relationship. For example, if Host resource “HostB” has a relationship with user resource “Watson” the relationship will appear in the relationship list of both resources. If you display the relationships for resource HostB, and remove the relationship with user Watson, the relationship will be removed from the relationship lists of both HostB and Watson. 5 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you’ve selected before you save. Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this group. Removing a relationship does not affect the group memberships of either resource. NOTE If you destroy a resource, any relationships with that resource will automatically be removed from the other resources involved. Adding and Removing Attributes Any resource (individual resources or groups) can have attributes. Attributes are simply name-value pairs that can be used for a number of purposes. There are four types of attributes: • Generic—A user-defined attribute not specified as one of the other two types. The value is a string. You can use this attribute to classify your resources in any way you want, for search purposes. • IP/Subnet—An IP address and subnet mask. This attribute may be used by the Policy Manager to map a User or Host resource to an IP address. • Netlogin ID—This attribute specifies a Netlogin ID (user ID or host ID) that can be detected by Netlogin in the switch. Netlogin ID attributes are most commonly created when a resource is imported from an external source such as an NT Domain Controller or NIS that contains user and host information. For Host and User resources, this attribute may be used by the EPICenter Policy Manager. If Netlogin is enabled on the switches in your network, attribute and relationship information (mappings between users, hosts, and IP addresses) for host and user resources with Netlogin IDs will be maintained automatically. • L4—This attribute specifies a UDP or TCP port or range of ports. This attribute is used to specify the port(s) for an application. This type of group is only available to Custom Applications. Specifying multiple L4 attributes for an Application resource allows the Application resource to reference different types of ports which are not contiguous. EPICenter Software Installation and User Guide 219 The Grouping Manager To view the attributes associated with a resource, do the following: 1 Select the resource in the Component Tree, so that it is displayed in the Resource Details view. 2 Click the Attributes tab. This will display the attributes (if any) associated with the resource, as shown in Figure 94. Figure 94: Resource attribute display To add an attribute to the displayed resource, do the following: 1 Make sure the Attributes page is displayed. If it is not, the Add button will not be present. 2 Click the Add button . The Add Attributes pop-up dialog appears, as shown in Figure 95. Figure 95: Adding attributes to a resource 220 EPICenter Software Installation and User Guide Searching for a Resource 3 Enter the name of the attribute in the Attribute Name field. 4 Select an attribute type from the drop-down list in the Attribute Type field. You can choose from the first three for all groups but Custom Applications. For Custom Applications, L4 is the only allowed attribute type: Generic—Any user-defined attribute other than an IP Address or Netlogin ID. IP/Subnet—An IP address and subnet mask. Netlogin ID A User ID or Host ID as it will be detected by Netlogin in the switch. L4—A valid UDP or TCP port or range of ports. 5 Enter a value for the attribute: For a Generic attribute, enter a string. For an IP/Subnet attribute, fill in the fields provided, and edit the subnet mask specification as appropriate. For a Netlogin ID, enter a string. In order to be recognized correctly by Netlogin in Extreme switches, this should be the user name (login name) or host name as known within the network. For an L4 attribute enter a single UDP or TCP port or a range of UDP or TCP ports using the following format: Type/range. For example, both TCP/45 and UDP/34-56 are valid entries. 6 CLick OK to enter the attribute into the attribute list. 7 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. If you attempt to begin a different operation or leave the Grouping Manager applet without saving, the Grouping Manager will prompt you to save your changes. However, you can add and remove relationships and attributes in multiple operations on the resource you’ve selected before you save. Click the Cancel button at the bottom of the window to cancel the changes you’ve made to this group. To remove an attribute from the list of attributes, do the following: 1 Select one or more attributes you want to remove. 2 Click the Remove button . 3 To save your changes to the EPICenter database, click the Save button at the bottom of the Grouping Manager window. Click the Cancel button at the bottom of the window to cancel the changes you have made to this group. Searching for a Resource If you have a large number of resources defined in your EPICenter database, it may be cumbersome to find a specific resource in the Component Tree. In addition, you may want to be able to quickly identify all the resources that share a certain attribute. The Grouping Manager’s Search function lets you find resources using any of the resource information fields as well as attributes as search criteria. A search can be initiated either from the main toolbar, or by using the Find button in the Add Resource or Add Relationship pop-up windows. Setting up and executing the search is the same regardless of EPICenter Software Installation and User Guide 221 The Grouping Manager where you initiate the search; however, the actions you can take with the results differ depending on where you started from. The Search Results provide you with the name of the resources that match your criteria, and the paths (group hierarchy) to where the resources reside within your search scope. • If you initiate the Search from the main toolbar, you can select one or more resource in the result list, and remove them from their parent groups. See “Searching from the Main Toolbar,” on page 224 for more information. You can double-click a resource in the results list to see where it is located in the Component Tree. • If you initiate the search from an Add Relationship or Add Resource window, you can select one or more resources in the result list and add them to the Resource Results list in the Add Resource or Add Relationship window. See “Searching from the Add Resources or Add Relationship Window,” on page 225 for more information. Setting up a Resource Search To search for resources that match criteria you specify, do the following: 1 Click the Find button in the toolbar at the top of the main Grouping Manager window, or click the Find button in the Add Relationship or Add Resource pop-up windows. The Search Criteria window is displayed, as shown in Figure 96. Figure 96: Searching for a resource The top half of the window is used to specify your search criteria. The Component Tree is used to define a scope for the search. 222 EPICenter Software Installation and User Guide Searching for a Resource The bottom half of the window contains the results of the search. You can limit the number of results you want to receive in the case of a search that could yield a large number of matches. 2 Enter your search criteria using the fields in the top part of the window. A resource will match the query if it meets all the criteria specified in this section: — <ANY> specifies a wildcard match, meaning that any and all values for this item will produce a match. There are also two other ways to indicate a wildcard match: • The asterisk character * used by itself. • A blank field. — For Resource Name, Resource Description, and Resource Source, enter a string to specify the value you want to match. You can specify a partial match using the wildcard characters * and ?. • An * indicates a wildcard match of unspecified length. Specifying a Resource Name as “A*n” will find all Resources whose names start with “A” and end with “n.” This would include Ann, Alan, Allen, Allison, and so on. Using the * by itself is the same as specifying <ANY>. • A ? indicates a single character wildcard. Specifying a Resource Name as “A?n” will find all Resources whose name start with “A”, and with “n” and having exactly one character in between. This would include Ann and Ayn, but not Alan, Allen or Allison. — For Resource Type, select a specific type from the drop-down menu, or use <ANY> to match on all types. NOTE The values you enter into the search criteria fields are combined using a Boolean AND. This means a resource must match all the criteria you specify in these fields in order be included in the search results. 3 Enter any attribute specifications you want to use as search criteria. The process is similar to that used to add attributes to a resource. A resource will match the query if it matches any of the attributes specified in this section: a Enter an attribute name or a partial name using the * and ? wildcard characters. b Select an attribute type from the drop-down list in the Type field, or select <ANY> to match all attribute types. c Enter a value you want to match, or a partial match using the * and ? wildcard characters. d Click the Add button, , to add the attribute specification to the Attribute Criteria list. e To remove an attribute search criteria you have added to the Attribute Criteria list, select the attribute and click the Remove button . NOTE Attributes used as search criteria are combined using a Boolean OR. This means that a resource that matches all the criteria specified in search criteria fields (in the top part of the window) and that matches any one (or more) of the attribute criteria, will be included in the search results. 4 Specify a Scope for the search from the Component Tree at the left side of Search Criteria area. The scope will limit the search to the group you select, and its subordinate groups. By default the scope is set to the root-level group “Groups,” which means all groups will be searched. EPICenter Software Installation and User Guide 223 The Grouping Manager 5 To reset all the criteria to their defaults (<ANY>) and to clear the Attribute Criteria list, click the Reset button at the bottom of the window. 6 At the top of the Results portion of the window, select from the drop-down menu a limit for the number of matches you want to see. All indicates you want to see all matches. You can limit the results to 1, 10, 50, or 100 matches. The actual number of matches found will be displayed next to this field. 7 Click the Query button to initiate the search. The results will be displayed in the bottom portion of the window. The list will become a scrolling list if the number of results requires it. For each match, the results will display the following: — Resource ID: a unique internal number provided by the EPICenter software. This may be useful to distinguish between resources if you happen to have created several resources with the same name. — Resource Name: the name of the resource — Path: the path through the Group hierarchy to the location of the resource. Note that an individual resource (i.e. the same Name and ID) may appear multiple times in this list if it is a child of multiple groups. Once the list is complete, you can select resources in the Results list and take actions, depending on how you initiated the Find function. The buttons at the bottom of the window are slightly different depending on where you initiated the Find. See the following sections, “Searching from the Main Toolbar,” and “Searching from the Add Resources or Add Relationship Window,” on page 225, for details on how you can use the results of the search. Searching from the Main Toolbar When you initiate a search from the Main Toolbar, you can use the results to determine where a resource is used—i.e. to find out what groups it belongs to. Since a resource can be a child of multiple groups, this lets you identify all the parents of a particular resource. In particular, before you delete a resource from the EPICenter database, you may want to make sure that you know all the places it is being used to avoid problems when you remove it. Once you find a resource using the Find function from the main toolbar, you can remove instances of the resource directly from the Find window. Setting up a search is the same regardless of where you initiate the Find function. This is describe in the section “Setting up a Resource Search,” on page 222. To remove resources you have identified with the Search function, do the following: 1 Select and highlight the resource or resources you want to remove. You can double-click on the resource and its location is highlighted in the Component Tree. 2 Click the Remove button to remove those resources from the locations specified in the Results entries you’ve selected. The results list may present multiple entries for a given resource, if the resource is a child of multiple groups. You can remove a resource from specific groups on an individual basis without removing it from the EPICenter database. The Remove function is subject to the same restrictions as removing resource children through the Resource Details window. If the resource is a system or imported resource (its source is EPICenter, a file, LDAP database etc.) you cannot remove the resource from it’s “home” group—the group in which 224 EPICenter Software Installation and User Guide Importing Resources it was initially created. If the function is a user-defined resource (source is “Manual”), removing it from all groups will delete it from the EPICenter database. When you are finished, click the OK button to close the window. Searching from the Add Resources or Add Relationship Window When you initiate a search from the Add Resources or Add Relationship window, you can identify resources with a common set of attributes, which can simplify the process of finding the attributes you want to include in a group. Once you find a set of resource using the Find function from the Add Resources or Add Relationship windows, you can add those resources directly from the Find window to the Resource Results list of the “Add...” window. Setting up a search is the same regardless of where you initiate the Find function. This is describe in the section “Setting up a Resource Search,” on page 222. NOTE When you do a search from the Add Resources or Add Relationship windows, the results will include only those resources that are relevant to the Add function you are performing. To add resources you have identified with the Search function to the Resource Results list of the Add Resources or Add Relationship windows, do the following: 1 Select and highlight the resource or resources you want to add. 2 Click the Add button to add those resources to the Resource Results list. The selected resources are added to the list, and the Search window is closed. To close the Search window without adding any resources, click the Cancel button. Importing Resources The Import feature allows you to import user and host resource definitions, and groups containing those resources, from a source external to the EPICenter system. You can import from an NT Domain server, an NIS server, or an LDAP directory. You can also import host and user resource definitions from a tab-delimited text file. • Importing from a text file requires a tab-delimited file in a very specific format. • Importing from an LDAP directory requires an import specification file that defines how to map entries in the LDAP directory to resources and their attributes. • Importing default domain information from an NT Domain server or an NIS server does not require any special preparation. NOTE If you import information from an LDAP server or NT Domain Controller, that information will become visible to all EPICenter users. If this is a security concern, you may want to consider exporting information from the NT Domain Controller or LDAP directory to a file, and using that to create an import file that contains only the information that you want to be visible through EPICenter Grouping Manager. EPICenter Software Installation and User Guide 225 The Grouping Manager Imported resources are placed under a group created in the Import Sources group (one of the pre-defined EPICenter groups). The name you specify in the Source Name field of the Import dialog will be used as the group name. You can perform the same import operation (importing from the same source) multiple times. Once an import is complete, subsequent imports from the same source will act as an update: • Existing resources will be left intact (including any attributes you may have added). • New resources will be added. • Resources that have been removed from the source will be deleted from the EPICenter database. • Changes is group memberships and changes in relationships will be enacted. To import resources from an external source, do the following: 1 Click the Import button in the toolbar at the top of the main Grouping Manager window. The Import Resources window is displayed (see Figure 97). Figure 97: Importing resources 2 Select the type of source from which you want to import information. — Select NT Domain Controller/NIS to import information from the default Windows Domain Controller or NIS server. This will import information about users, hosts (stations), and user groups. See “Importing from an NT Domain Controller or NIS Server” on page 232for more detailed information. — Select LDAP to import information from an LDAP directory. See “Importing from an LDAP Directory” on page 227for information on modifying the file containing the LDAP import mapping specification. — Select File to import information from a tab-delimited text file. See “Importing from a File” on page 228for information on creating the import text file. — In the Source Name field, enter a name that will identify the source of the imported resources. This name is used for two purposes: • It is used to create a group under which all the resources imported in this operation are placed. The group is created under the Import Sources group. • It appears in the Source field of the Resource Details view, or in the Source column when the resource is displayed as a child of group, for all resources imported from this source. It can be used as a search criteria in the Find function. 3 Click Import to begin the import process. The import button will not be enabled until you enter a source name. Progress during the import will be displayed in a pop-up window, as shown in Figure 98. 226 EPICenter Software Installation and User Guide Importing Resources Figure 98: Monitoring the progress of an Import function 4 When the process has completed, click OK. If you are importing from a large source, the import process can take several minutes. The new group and resources will be available under the Import Sources group in the Component Tree. If errors occur in the import process, it is possible that no data will be imported. This can result in an empty import group in the Import Sources tree. Once you fix the problems, you can rerun the import. Importing from an LDAP Directory The EPICenter Grouping Manager supports importing groups, users, and hosts from a LDAP directory. The import process uses a TCL script to extract the requested data from the LDAP directory, and create a text file that specifies how the resources should be added to the EPICenter database. This file is in the same format as the import file discussed in “Importing from a File” on page 228. The import process uses an import specification file that defines the following: • The information you want to extract from the directory. • How to map that data to groups, resources, and attributes in the EPICenter Grouping module. The specification file must be named LDAPConfig.txt, and must reside in the EPICenter user/import directory. You can use the LDAPConfig.txt file provided in the EPICenter user/import directory as a template. You should only need to modify three lines in this file: host: the name of the host where the directory resides. user: the username, if required, to allow access to the directory. password: the password, if required, to allow access to the directory. NOTE The information below is provided as an aid to importing data from LDAP directories with schemas that differ from the template provided.However, Extreme Networks cannot provide support for modifications to the template file other than the three changes mentioned above. EPICenter Software Installation and User Guide 227 The Grouping Manager If your LDAP directory is organized differently, you can modify the LDAPConfig.txt file to meet your individual needs. This requires that you understand the organizational structure of the directory from which you want to import data. The LDAPConfig.txt file must include the following entries: base: specifies the LDAP naming context. Leave this blank to use the default LDAP naming context. This is required. attributes: specifies the attributes that you want to import into the EPICenter database from entries in the LDAP directory. By default, all imported attributes are considered type Generic.You can specify an EPICenter attribute type (Generic, IP/subnet, or Netlogin ID) by enclosing both the attribute name and the EPICenter attribute type in curly brackets, as shown: {uid {Netlogin ID}}. This is required. uniqueID: specifies the attribute that should be used in the EPICenter database as the ID for this resource. This is required. scope: the scope of the search (base, sub, one). This is required. groupBy: the attribute that should be used to create EPICenter sub-groups within the imported group structure. This is optional. memberNameAttribute: the attribute that should be used to define the child entry in a group. resourceName: the attribute that should be used as the displayed name of the resource within the EPICenter Grouping Manager. This is required. filterList: defines the search criteria. Because of the limits on the amount of data that a search will return in one operation, you may need to split your search into multiple operations, as is done in the example file. This is required. objectClassMapping: this maps an LDAP entry to a Grouping Manager resource type based on the object class of the entry. You will need multiple entries of this type. The name-value pair contains the EPICenter resource type on the left, and either the LDAP object class specification or an EPICenter resource type of the right. For example, the following line specifies that entries whose object class is “organizationalPerson” should be imported as user resources. objectClassMapping: user=organizationalPerson person Top The following line specifies that user resources can be group members. objectClassMapping: groupmember=user At least one mapping specification is required. You can comment out resource types that you don’t need to use in the sample file, or leave them. They will be ignored if not defined. Importing from a File To import data from a text file, you define the resources you want to import in a tab-delimited text file. The elements on each line are separated by tabs. The Import File Format The simplest way to create this file is to enter it in a spreadsheet program such as Microsoft Excel, and then export it as tab-delimited text. The elements on each line are separated by tabs. 228 EPICenter Software Installation and User Guide Importing Resources Format Definitions. The first three lines are required. They define the format of the data that follows. The first three lines are: #SYNTAX VERSION:1.0 Resource_UniqueName <tab> Resource_Type <tab>Resource_Name [<tab> attribute ... ] <tab> <tab> <tab> (<attribute_type>) [<tab> (<attribute_type>) ...] The first line simply defines the version of the import syntax: #SYNTAX VERSION:1.0 Enter this exactly as specified. The second line defines the mapping of the data in the file to EPICenter resources: Resource_UniqueName <tab> Resource_Type <tab> Resource_Name [<tab> attribute ... ] • The first three items are required, — Resource_UniqueName specifies that the first field maps to the unique ID. — Resource_Type specifies that the second field defines the resource type (user, host, group, device, or port). — ResourceName specifies that the third field maps to the resource name. This is the name that will appear as the name of the resource in the Grouping Manager. • The remaining items on the line define the attributes that can be included for each resource. The names you specify here will be used as the attribute names in the Grouping Manager. The third line defines the type of each attribute (Generic, IP/subnet, or Netlogin ID). <tab> <tab> <tab> (<attribute_type>) [<tab> (<attribute_type>) ...] Each type specifier must be enclosed by parenthesis, and separated from the preceding type specifier by a tab. Three tabs must precede the first type specifier. • The items in this line define the type of each attribute defined in line two. You must include a type specification for every attribute included in line two. • The first three items in line two do not require a type (as they are predefined). You skip these by including the three tabs before the first type specifier. Resource Definitions. The remaining lines in the first section define the resources to be imported. Each resource must include the uniqueID, the resource type, and a name. Attribute values are optional, and will be assigned in the order presented on the line (separated by tabs). These lines are formatted as follows: uniqueID1 <tab> <resource_type> <tab> resource_name1 <tab> {attribute <tab> ... } uniqueID2 <tab> <resource_type> <tab> resource_name2 <tab> {attribute <tab> ... } ... uniqueIDn <tab> <resource_type> <tab> resource_nameN <tab> {attribute <tab> ... } • uniqueID will be used as the resource’s unique name. It can be the same or different from the resource name. For a device, the uniqueID must be the device IP address. For a port it is the IP address of the device followed by the port number. • resource_type can be user, host, group, device, or port. • resource_name is the name that will be displayed as the name of the resource. EPICenter Software Installation and User Guide 229 The Grouping Manager • attribute defines the value of the attribute that corresponds to this position in the list. The combination of uniqueID and resource_type must be unique within this section. Duplicate definitions generate a warning. For example, assume the following format definition at the beginning of the import file: Resource_UniqueName Resource_Type Resource_Name Location Department RoomNo To create a user resource named Judy Jones, with three attributes: — Location, whose value is Denver — Department, whose value is Sales — RoomNo whose value is 3050 Enter a resource definition as follows: judy user Judy Jones Denver Sales 3050 You cannot use the Import function to create new device or port resources. You can import attributes for device and port resources, and define relationships for them. The device and port resources must already exist in the EPICenter database, and the names you specify must match their names in the database. See “Resource Details,” on page 209 for more information on the components of a resource. Group and Relationship Definitions. The second part of the file defines the relationships between the resources—both group membership and relationships between the resources themselves (see “Adding Relationships to a Resource,” on page 216 for more information about relationships). The #GROUPS# specification is required, even if you do not define any groups. #GROUPS# Each line in this section has the following form: <resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID> <resource_type>:<resource_uniqueID> <tab> <resource_type>:<resource_uniqueID> • resource_type can be user, host, group, device, or port. A group that exists in the EPICenter database (and is not defined in the import file) can be specified as a child of an imported group, but the reverse is not supported. • resource_uniqueID is the unique ID defined in the first part of the file (or known to exist already in the EPICenter database). For creating group membership relationships, the first type:ID pair defines the parent, the second one defines the child. Thus, the first pair must always be a group. The second pair can be a group or an individual resource. For defining peer-to-peer relationships, (user-host, user-port, and host-port relationships) either member of the relationship can be specified first. 230 EPICenter Software Installation and User Guide Importing Resources Example The following is an example of an import file. #SYNTAX VERSION:1.0 Resource_UniqueName Resource_TypeResource_Name IP Address DLCS OSType Dept (IP/Subnet)(DLCS ID)(Generic)(Generic) wendy user Wendy Lee NMS heidi user Heidi Smith NMS pam user Pam Johnson SQA eric user Eric Wilson SQA mary user Mary Baker NMS win2k host1 host2 host3 host4 host host host host host win2k host1 host2 host3 host4 ugr1 ugr2 hgr1 dgr1 switch portgr group group group group group group SQA dev hostgr1 eng1 switch portgr #GROUPS# group:ugr1 group:ugr1 group:ugr1 user:wendy user:heidi user:mary group:ugr2 group:ugr2 user:pam user:eric group:hgr1 group:hgr1 group:hgr1 host:win2k host:host1 host:host2 group:dgr1 group:dgr1 host:host3 host:host4 10.20.30.2 10.20.30.4 10.20.30.5 10.20.30.6 10.20.30.7 wlee windows HPUX Solaris windows Solaris NMS NMS NMS SQA SQA ## Host to User Relation user:wendy host:win2k user:heidi host:host1 user:mary host:host2 host:host3 user:pam host:host4 user:eric EPICenter Software Installation and User Guide 231 The Grouping Manager Importing from an NT Domain Controller or NIS Server Importing from an NT Domain Controller or NIS server is straightforward. The import is always done from the Domain Controller or NIS server that is serving the domain for the system running the EPICenter server. The type of system you are running will determine where the EPICenter server looks for the information. In order to import information from an NT Domain Controller, the EPICenter server must be running with the appropriate user permissions in order to extract the information from the Domain Controller. NOTE If you import information from an NT Domain Controller, that information will become visible to all EPICenter user. If this is a security concern, you may want to consider exporting information from the NT Domain Controller to a file, and using that to create an import file that contains only the information that you want to be visible through EPICenter Grouping Manager. The import process imports the following information: • For users: username, fullname, description. • For hosts: hostname, description, Primary IP address. • For groups (users only): name, description, usernames of members. The import process creates a file, import.txt, in the user/import subdirectory. 232 EPICenter Software Installation and User Guide 9 Using the IP/MAC Address Finder This chapter describes how to use the IP/MAC Address Finder applet for: • Creating search requests for locating specific MAC or IP addresses on the network, and determining the devices and ports where they are located. • Creating search requests to identify MAC and IP addresses on specific devices and ports. Overview of the IP/MAC Finder Applet Using the IP/MAC Address Finder applet you can specify a set of Media Access Control (MAC) or Internet Protocol (IP) network addresses, and a set of network devices to query for those addresses. The applet returns a list of the devices and ports associated with those addresses. You can also specify a set of devices and ports, and search for all MAC and IP addresses known to those devices and ports. The Search Tool lets you configure and start a search task, view the status of the task, and view the task results. The task specification and results are kept in the task list until you delete them, or until you log out of the EPICenter client. When you click the Find IP/MAC button in the Navigation Toolbar, the main IP/MAC Address Finder page is displayed as shown in Figure 99. Initially there are no search requests displayed. EPICenter Software Installation and User Guide 233 Using the IP/MAC Address Finder Figure 99: IP/MAC Address Finder main page ExtremeWare Software Requirements The IP/MAC AddressFinder applet requires certain versions of ExtremeWare to be running on your Extreme Networks switch in order to retrieve data from an IP address or MAC address search task. Table 7 lists versions of ExtremeWare and whether or not they are currently supported by the IP/MAC address applet. Table 7: ExtremeWare Requirements for Using the IP/MAC Address Applet ExtremeWare Version Requirements 2.x through 6.1.4 Fully supported using the dot1dTpFdbTable. 6.1.5 Not supported. 6.1.6 through 6.1.9 Supported using the using the dot1dTpFdbTable. Use the enable snmp dot1dTpFdbTable command to enable the dot1dTpFdbTable on the switch. 6.2 and above Fully supported using a private MIB. Tasks List Summary Window As search tasks are initiated, they are placed in the Find Address Tasks List in the Component Tree. Selecting the Find Address Tasks folder in the Component Tree displays a summary of the status of the tasks in the Task List (see Figure 100). 234 EPICenter Software Installation and User Guide Tasks List Summary Window Figure 100: Tasks List summary The Tasks List shows you basic information about the tasks you set up: • ID is automatically assigned by the EPICenter server • Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List • Type is the type of search this will perform. In EPICenter release 4.1, this is always Find Addresses • Status shows the status of the request • Date Submitted shows the date and time the task was submitted • Date Completed shows the date and time the task was finished From the Tasks List you can perform the following functions: • Select a Pending task and click Cancel to cancel the task before it has completed • Select a task and click Delete to delete an individual task. This deletes the task specification as well as the task results. Once a task has completed, it cannot be rerun unless it is the most recent task completed • Select a task and click ReRun to execute the task again • Select a task and click Clone to bring up the Find Addresses window with the specifications of the selected task already displayed • Select a task and click Export to export the task details to a text file. See “Exporting Task Results to a Text File” on page 240 for more information. • Select a task and click Export Local to export the task details locally to a text file on your client system. You can only use this feature if you are running the stand-alone client on your local system. If you are using the browser-based client, this button will be greyed out. See “Exporting Task Results to a Text File” on page 240 for more information. EPICenter Software Installation and User Guide 235 Using the IP/MAC Address Finder NOTE The specified tasks and their search results persist as long as you are running the EPICenter client, even if you leave the IP/MAC Address Finder applet and go to another EPICenter applet. However, when you exit the EPICenter client, all the task specifications and search results are deleted. Creating a Search Task To create a search task, click the Find button in the tool bar at the top of the IP/MAC Address Finder page. This displays the Find IP and MAC Addresses window (Figure 101). NOTE If you have already submitted a task, the most recent task with its specifications is displayed in the Find Addresses window. Figure 101: Find IP and MAC Addresses window 236 EPICenter Software Installation and User Guide Creating a Search Task To create a search task: 1 Enter the task name in the Task Name field. This name helps you identify the task in the Find Address Tasks List. Names of the form Task1, Task2 and so on are provided by default. 2 Define the search targets: in the Enter an Address group box, select either IP or MAC to determine the format of the address to search for, and enter the address into the fields provided. Click the Add Address button to add the address to the Addresses to Find list. — To find all addresses in the given search domain, click All in the Enter an Address group box, then click the Add Address button to add All to the to Addresses to Find list Note that All is added to the search list in addition to any individually-specified addresses. The All specification does overlap with the other target addresses. However, this allows the user to remove the All specification without losing the other addresses in the search list. — Click the WildCard button to search for a MAC address defined only by the first three hexadecimal tuples. The first three hexadecimal tuples in a MAC address are assigned to vendors, such as Extreme Networks, and they are vendor specific. The wildcard feature allows you to find all MAC addresses coming from a particular vendor. — Click the Remove Address button to remove an address from the list 3 Define the search domain. The Target Domains list specifies the scope of the devices to be included in the search. Devices not included in this domain will not be searched. You can define the search space in several ways: — Devices lets you select individual devices to include in the search — Device Groups lets you search all the devices in a specified device group — Ports lets you select individual ports to include in the search — PortGroups lets you search all the devices in a specified port group You can create a target domain that includes a combination of these specifications. NOTE The IP/MAC Finder applet does not support hierarchical port groups. If you have created port groups in the Grouping Manager that include subgroups as members, the subgroups will not appear in the Target Domains list. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group. 4 If you select Devices or Ports as the Source Type, you must also select a Device Group from the Select Group field to define the list of devices that will appear in the Devices list. If you select Domains or PortGroups, this field well be inactive. 5 Select the Device, Port, Device Group, or Port Group that you want to search and click the Add button to move it into the Target Domains list. To remove a member of the Target Domains list, select the item in the list and click Remove. To clear the Target Domains list, click Remove All. 6 Define the search type. From the Search Type field, select Network to perform a search from the network or DataBase to perform a search from the EPICenter database using the collected edge port information. If you perform a network search, EPICenter reports unreachable devices. If you perform an EPICenter database search, EPICenter does not report unreachable devices. EPICenter Software Installation and User Guide 237 Using the IP/MAC Address Finder 7 When you have completed your search specification, click the Submit button at the bottom of the window to initiate the search. The IP/MAC Finder applet searches the IP Address Translation Table (the ipNetToMediaTable) in each device agent for IP addresses, and the Forwarding Database (FDB) for MAC addresses. NOTE The IP/MAC Finder applet will not identify a device’s own IP address when you search for IP addresses on that device. In other words, the applet will not find IP address 10.2.3.4 on the switch whose address is 10.2.3.4. It can only find addresses that are in the agent’s IP Address Translation table, and a device’s own address is not included in the table. The applet will find the address on the other switches that have connectivity to the switch with the target IP address, however. NOTE Each search task can return a maximum of 2,000 MAC address entries. If a search returns more than 2,000 entries, a warning message is displayed in the status window. If you see a warning message, add additional search constraints to reduce the number of returned MAC addresses to less than 2,000. Detailed Task View When you initiate a search, the task is placed in the Find Address Tasks list in the Component Tree. The main panel displays the Detailed Task View for the current search task (see Figure 102). Figure 102: Search in progress 238 EPICenter Software Installation and User Guide Detailed Task View While the task is in progress, the window shows the status as Pending. When the search is complete, the Detailed Task View shows the results for the search (Figure 103). Figure 103: Address search results in the Detailed Task view The Detailed Task View shows the following information about your search. • Task Name is the name you gave the task when you created it. Giving a task a unique name is important to distinguish it from other tasks in the Tasks List • Status shows the status of the request • Submitted shows the date and time the task was submitted • Completed shows the data and time the task was finished The Search Criteria areas shows: • The list of IP or MAC addresses that were the object of the search • The Search Domains where the search took place. The Search Domains lists shows the name and type (Device or Group) of the components of the domain specification EPICenter Software Installation and User Guide 239 Using the IP/MAC Address Finder The Search Results list shows the results of the search. For every address successfully located, this list shows: • Both the MAC address and the corresponding IP address. • The switch and port to which the address is connected. • The User (name) currently logged in at that address. Once the search is complete, the search results will stay in the Tasks List until you explicitly delete them using the Delete Function from the Tasks List Summary View, or until you exit the EPICenter client. From the Task Detail window you can do the following: • Click Delete to delete this task. This deletes the task specification as well as the task results. • Click ReRun to execute the task again. • Click Clone to bring up the Find Addresses window with the specifications of the selected task already displayed. • Click Export to export task search results to a text file on the server machine. See “Exporting Task Results to a Text File” on page 240 for more information. • Click Export Local to export task search results locally to a text file on your client system. You can only use this feature if you are running the stand-alone client on your local system. If you are using the browser-based client, this button will be greyed out. See “Exporting Task Results to a Text File” on page 240 for more information. The text field is located above the Delete, ReRun, Clone, and so on, action buttons. It provides search status details, such as a list of devices that are offline or not reachable. Exporting Task Results to a Text File You can export a task’s detail results or search results to a text file. You can do this from the Tasks List. To export the detail or search results to a file, do the following: 1 From the Detailed Task View, click the Export button if you are running the browser-based client. Click the Export Local button if you are running the stand-alone client and you want to save the file locally. If you select Export, the Export pop-up dialog is displayed. If you select Export Local, the Save dialog is displayed. 2 Enter a file name and subdirectory name in the fields provided. If you select Export: — Detail and search result files for a task are saved in the EPICenter user/AddressFinderResults directory, which is a subdirectory of the EPICenter installation directory. You can optionally specify a subdirectory within the AddressFinderResults directory by entering the subdirectory name into the Directory field. — By default, a search result exported file will be given a name created from the current date, time, and task name. For example, the results for task “Task 2” run on April 25, 2001 at 3:52 pm will be saved in a file named 2001_4_25_1552_Task 2.txt. You can change the file name by replacing the name in the File Name field. 240 EPICenter Software Installation and User Guide Detailed Task View If you select Export Local: — Detail and search result files for a task are saved by default in the WINNT\Profiles\user directory on Windows systems or your local home directory on Solaris systems. You can also choose to save the file in a different location in the Save dialog. 3 Click the Apply button to save the results. Click Reset to clear all the fields. Click Close to close the dialog without saving the file. EPICenter Software Installation and User Guide 241 Using the IP/MAC Address Finder 242 EPICenter Software Installation and User Guide 10 Using ExtremeView This chapter describes how to use ExtremeView for: • Viewing Extreme and third-party device status. • Viewing and setting Extreme device configuration information using the ExtremeWare Vista graphical user interface. • Viewing Extreme device statistics using the ExtremeWare Vista graphical user interface. Overview of the ExtremeView Application The ExtremeView applet displays information about the status of Extreme switches (Summit, Alpine, and Black Diamond switches) and third-party devices managed by EPICenter. Any EPICenter user can view status information about these network devices. Users with Administrator or Manager access can view and modify configuration information for those switches through the ExtremeWare Vista graphical user interface. ExtremeWare Vista is device management software running in a Summit, Alpine, or Black Diamond switch. It allows you to access the switch over a TCP/IP network using a standard Web browser, and provides a set of pages for configuring and monitoring the Summit or Black Diamond switch. NOTE You must have a user account on the Extreme switch to run ExtremeWare Vista on the switch. A user account on a switch is separate from an EPICenter user account. When you click the EView button in the Navigation Toolbar, the main ExtremeView page appears as shown in Figure 104. EPICenter Software Installation and User Guide 243 Using ExtremeView Figure 104: The ExtremeView applet, main page Use the tabs in the Component status/detail panel as follows: • Status displays status information for the devices known to EPICenter. You can view summary status for the devices within a device group. You can view status and configuration information for individual devices, slots, and ports through a front panel view accompanied by a table of configuration and status information. Select a device subnode under a Device Group name node to view configuration information for the device. • Configuration displays configuration information for Extreme Networks switches based on the configuration categories in ExtremeWare Vista. You can view summary configuration information for all devices in a device group known to EPICenter, as well as detailed configuration information for individual Extreme Networks switches, organized by ExtremeWare Vista configuration categories. Individual third-party devices cannot be accessed through this feature. • Statistics displays monitoring results for Extreme Networks switches, also based on ExtremeWare Vista statistics monitoring categories. You can view summary statistics that include active and inactive port counters for all Extreme Networks devices—in a specific device group—known to EPICenter, or statistics for individual Extreme Networks switches. Individual third-party devices cannot be accessed through this feature. Viewing Device Status Information Select the Status tab in the ExtremeView applet to display the Status window. The Status window displays a summary of all of the device groups known to EPICenter, as shown in Figure 105. 244 EPICenter Software Installation and User Guide Viewing Device Status Information Figure 105: The ExtremeView applet, Status window To show summary status for the devices in a Device Group, select a Device Group name from the Component Tree on the left (see Figure 106). Figure 106: The ExtremeView applet, device group status EPICenter Software Installation and User Guide 245 Using ExtremeView The following status information is displayed: • The status “lights” show the status of the device as detected by EPICenter. Table 8: ExtremeView Device Status Indicators Status Light Green Yellow Grey Red Device Status Device is up and OK Device is responding, but reports an error condition such as a fan or power supply failure, or excessive temperature Device is offline. EPICenter cannot communicate with the device. You can create references to the device for alarms, policy, groups, device groups, RMON thresholds, and so on. The network state of the device, including port status, ESRP, configured VLANs, STP, and so on, is preserved when the device comes online. Device is not responding to EPICenter status queries. This may mean that the switch is down, that it is unreachable on the network, or that the SNMP community strings have changed and EPICenter can no longer contact the switch. • The name, type of switch, IP address, the ExtremeWare software version, and the last reboot time are retrieved from the device by EPICenter. Select a device in the Component Tree on the left to display detailed configuration and status information, as shown in Figure 107. This display shows additional information that EPICenter has gathered from the switch agent. Figure 107: The ExtremeView applet, switch status 246 EPICenter Software Installation and User Guide Viewing Device Status Information This view shows an active graphical display of the switch front panel, as well as a panel of status information. You can view the status of individual modules (slots), ports, and power supplies (where shown), as shown in Figure 108, in two ways: • Select the slot, port, or power supply by clicking the cursor on the item in the switch image. • Display the list of slots or ports in the Component Tree, and select the element about which you want status information. NOTE The Component Tree does not display the empty slots in a device. Figure 108: The ExtremeView applet, port status Selected port The right-hand panel displays status information about the selected port There are a few Extreme devices, such as the Summit24e2T, Summit24e2X, and Summit Px1 switches, on which the ports are not selectable through ExtremeView. In these cases, the ifIndex entries for the device are displayed in the Device Information panel on the right. Third-party Device Status If the device you select is a third-party device, and EPICenter does not have an image for the specific model, it displays a generic device image (a vendor-specific image if possible, but without model-specific details). If there is no configuration file for the device, and it is being managed by the EPICenter, the ifIndex entries for the entire device are displayed in the Device Information panel on the right. Figure 109 shows a third-party device with an unknown configuration. EPICenter Software Installation and User Guide 247 Using ExtremeView Figure 109: A third-party device with unknown configuration The port type is ethernet-csmacd(6) by default. However, some devices may support other port types. For example, some 3Com devices support a layer 3 module which is of type other(1). As Extreme Networks continues to develop additional device images, they will be made available on Extreme Networks’ support web site at: www.extremenetworks.com/services/software/epicenter.asp under the the Patches section. You can also contact your Extreme Networks sales representative or reseller if you would like help from Extreme’s Professional Services organization for creating images or configuration files for specific devices. Viewing Switch Configuration Information Select the Configuration tab in the ExtremeView applet to display the Configuration window. The Configuration window displays a summary of all of the device groups known to EPICenter, as shown in Figure 110. 248 EPICenter Software Installation and User Guide Viewing Switch Configuration Information Figure 110: The ExtremeView applet, Configuration window To show a configuration summary for the Extreme Networks switches in a device group, select a device group name from the Component Tree on the left (see Figure 111). EPICenter Software Installation and User Guide 249 Using ExtremeView Figure 111: The ExtremeView applet, Configuration summary The sub-components under the device group name in the Component Tree are the devices that are members of the device group. Select a device, slot, or port from the Component Tree on the left to display the categories of configuration information that are available through this applet for the selected device, as shown in Figure 112. 250 EPICenter Software Installation and User Guide Viewing Switch Configuration Information Figure 112: The ExtremeView applet, ExtremeWare Vista summary The categories in the Configuration window correspond to pages from the ExtremeWare Vista application running on the switch. Select one of the categories to view the configuration settings for that switch in the category you have chosen. As shown in Figure 113, this displays the current switch configuration, and provides an interface through which you can change the configuration. EPICenter Software Installation and User Guide 251 Using ExtremeView Figure 113: The ExtremeView applet, Configuration details Enter your changes directly into the editable fields in the configuration display. When you have made the necessary configuration changes, click Submit to send these to the switch for implementation. 252 EPICenter Software Installation and User Guide Viewing Switch Statistics Viewing Switch Statistics Select the Statistics tab in the ExtremeView applet to display the Statistics window. The Statistics window displays a summary of all of the device groups known to EPICenter, as shown in Figure 114. Figure 114: The ExtremeView applet, Statistics window To show summary statistics for Extreme switches in a device group, select a device group name from the Component Tree on the left (see Figure 115). EPICenter Software Installation and User Guide 253 Using ExtremeView Figure 115: The ExtremeView applet, device group statistics The sub-components under the device group name in the Component Tree are the devices that are members of the device group. Select a device from the Component Tree on the left to display the categories of statistical information that are available through this applet for the selected device, as shown in Figure 116. Figure 116: The ExtremeView applet, ExtremeWare Vista statistics 254 EPICenter Software Installation and User Guide Finding Devices The categories in the Statistics window correspond to pages of information from the ExtremeWare Vista application running on the switch. Select one of these categories to to view the configuration settings for that switch in the category you have chosen. This displays the selected set of statistics for the selected switch. For some types of statistics, you may be able to view the data in different ways through the use of view options or filters, such as the options shown in Figure 117. Figure 117: The ExtremeView applet, Statistics details Finding Devices You can search for a device in the EPICenter database by name, by IP address, or by type of device. This may be useful if you have a large number of devices in your inventory. To search for a device, follow these steps: 1 Click Find at the top of the ExtremeView applet page. 2 Enter your search criteria: You can search for devices by name or by IP address. You can limit the search to a specific domain, or to a specific type of Extreme device. Search criteria can include: — A device name. Click the Device Name button, and enter a complete or partial name in the Search: field. — An IP address. Click the IP Address button and enter a complete or partial IP address in the Search: field. You can use the wild card characters * or ? in your search criteria. * acts as a wildcard for an entire octet (0-255) ? is a wildcard for a single digit (0-9) EPICenter Software Installation and User Guide 255 Using ExtremeView — A domain. Select the domain from the drop-down menu in the domain field. If you do not specify a name or IP address in the Search field, all devices in the domain you select will be found. — A device type. Select the device type from the drop-down menu in the type field. If you do not specify a name or IP address in the Search field, all devices of the type you select will be found. 3 Click Find to search for devices that meet the criteria you have specified. All devices found are listed in the center panel. Information includes the domain in which the device can be found, its name, IP address, and the type of device. 4 Double-click on a device in the results table to highlight the device in the Component Tree, or select a device in the results table and click Go To, to display the associated front panel view and status information for that device (see “Viewing Device Status Information” on page 244). If you click Go To, the search window will close. 5 Click New Search to clear all search criteria. 6 Click Close to close the search window. Viewing Device Information from Pop-up Menus You can select a device group, a device, a slot, or a port in the Component Tree, then right-click to display a pop-up menu that contains the Properties command. The Properties command displays the attributes for a specific device group, device, slot, or port. The device pop-up menu also contains the Alarms, Browse, Statistics, Sync, Telnet, and VLANs commands. All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed. Properties The Properties function lets you view the attributes for a selected device group, device, slot, or port. Device Group To view the Properties display for all device groups: • Right-click on the Device Groups component, then select Properties from the pop-up menu that appears The Device Groups Properties window appears and displays the number of device groups and the names of the device groups that are known to EPICenter. To view the Properties display for a selected device group: • Right-click on the device group, then select Properties from the pop-up menu that appears The Device Group Properties window appears and displays the attributes for the selected device group. See “Device Group Properties” on page 259” for details on using this feature. Device To view the Properties display for a selected device: • Right-click on the device, then select Properties from the pop-up menu that appears 256 EPICenter Software Installation and User Guide Viewing Device Information from Pop-up Menus The Device Properties window appears and displays the attributes for the selected device. See “Device Properties” on page 259 for details on using this feature. Slot To view the Properties display for a selected slot: • Right-click on the slot, then select Properties from the pop-up menu that appears The Slot Properties window appears and displays the attributes for the selected slot. See “Slot Properties” on page 260 for details on using this feature. Port To view the Properties display for a selected port: • Right-click on the port, then select Properties from the pop-up menu that appears The Device Port Properties window has two tabs at the top of the window: • Port — The Port tab displays the attributes for the selected port. See “Port Properties” on page 263 for details on using this feature. • Network Login/802.1x — The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the port. For more details about the Network Login/802.1x tab, see Chapter 4, “Using the Inventory Manager.” Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Devices -> Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5 for details on using this feature. Browse The Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Devices -> Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new web browser window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EPICenter Software Installation and User Guide 257 Using ExtremeView Statistics The Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Devices -> Statistics from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device. See Chapter 11 for details on using this feature. Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. See Chapter 7 for details on using this feature. Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device: • Right-click on the device, then select Devices -> Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7 for details on using this feature. VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select Devices -> VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database. See Chapter 13 for details on using this feature. 258 EPICenter Software Installation and User Guide Displaying Properties Displaying Properties You can view the properties of a device group, device, slot, or port in the EPICenter database. This section describes how to view properties through the ExtremeView applet. Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display. This displays a list of the current device groups and their descriptions. For more details about this display, see Chapter 4. You can also view properties for a specific device group. To view properties for a specific device group, right-click on a device group and select Properties from the pop-up menu. The Device Group Properties window appears, showing information about the selected group. This includes the group description, the number of devices in the group, and a list of the devices. For more details about this display, see Chapter 4. Device Properties To view properties for a device, right-click on a device in the Component Tree and select Properties from the pop-up menu that appears. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab The VLAN tab lists the VLANs configured on the device. EPICenter Software Installation and User Guide 259 Using ExtremeView The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device. Slot Properties To view slot properties, do the following: 1 From the Component Tree, click on the plus sign of a modular device to display the slots for that particular device. 2 Right-click on a slot and select Properties from the pop-up menu that appears. The Device Slot Properties window appears. The information displayed in this window depends on whether the module requires additional software to be installed. For modules that do not require a special version of ExtremeWare to be installed, the Device Slot Properties window appears, as shown in Figure 118. Figure 118: Device Slot Properties window for modules that do not require additional software 260 EPICenter Software Installation and User Guide Displaying Properties For these modules, the Device Slot Properties window displays two tabs: • Slot • Network Login/802.1x The Slot tab displays the following information: • Slot Name—The number, or letter, of the slot where the module is installed • Configured Type—The type of module that is configured for the slot • Inserted Type—The type of module that is inserted into the slot • Module State—The operational state of the module • Serial Number—The serial number of the module For modules that require a special version of ExtremeWare to be installed, the Device Slot Properties window appears, as shown in Figure 119. Figure 119: Device Slot Properties window for modules that require additional software For these modules, the Slot tab of the Device Slot Properties window displays the following information: • Slot Name—The number, or letter, of the slot where the module is installed • Configured Type—The type of module that is configured for the slot • Inserted Type—The type of module that is inserted into the slot • Module State—The operational state of the module • Serial Number—The serial number of the module EPICenter Software Installation and User Guide 261 Using ExtremeView • Description—A description of the module that is inserted into the slot • Primary Version—The primary ExtremeWare software image running on the module • Secondary Version—The secondary ExtremeWare software image running on the module • Current Version—The current ExtremeWare software image running on the module • BootROM Version—The current BootROM image running on the module • Module Processor State—The operational state of the General Processor and the Network Processor(s) in the module. NOTE The Component Tree does not display the empty slots in a device. To view Network Login/802.1x information, click the Network Login/802.1x tab, as shown in Figure 120. Figure 120: Network Login/802.1x tab of Device Slot Properties window The Network Login/802.1x tab lists the following Network Login/802.1x information about each user connected to the slot: • Port—The port on the device on which the user is logged in. • User Name—The name of the user. • IP Address—The IP address of the user’s host. • Login Type—The login type, either network login or 802.1x. • MAC Address—The MAC address of the user’s host. 262 EPICenter Software Installation and User Guide Displaying Properties • VLAN—The VLAN to which the port belongs. Port Properties To view port properties, do the following: 1 From the Component Tree, click on the plus sign of a device. For a non-modular device, this displays the ports for that particular device. For a modular device, this displays the slots for that particular device. Click on the plus sign of a slot to display the ports for that particular device. 2 Right-click on a port and select Properties from the pop-up menu that appears. The Device Port Properties window appears, as shown in Figure 121. Figure 121: Device Port Properties window EPICenter Software Installation and User Guide 263 Using ExtremeView The Device Port Properties window has two tabs: • Port • Network Login/802.1x The Port tab displays the following information: • Port Number—The number of the port • Configured Type—The type of port • Media—The media for a redundant port (Primary or Redundant) • Port Enabled—Whether the port is enabled (yes) or not enabled (no) • Actual Speed—The speed of the port • Actual Duplex—The duplex setting of the port (Half, Full, or None ) • Load Sharing—The load sharing state of the port (On or Off) • Uplink Status—The uplink status of the port (Uplink or Edge port) To view Network Login/802.1x information, click the Network Login/802.1x tab, as shown in Figure 122. Figure 122: Network Login/802.1x tab of Device Plot Properties window The Network Login/802.1x tab lists the following Network Login/802.1x information about each user connected to the port: • Port—The port on the device on which the user is logged in. • User Name—The name of the user. • IP Address—The IP address of the user’s host. 264 EPICenter Software Installation and User Guide Displaying Properties • Login Type—The login type, either network login or 802.1x. • MAC Address—The MAC address of the user’s host. • VLAN—The VLAN to which the port belongs. EPICenter Software Installation and User Guide 265 Using ExtremeView 266 EPICenter Software Installation and User Guide 11 Real-Time Statistics This chapter describes how to use the Real-Time Statistics applet for: • Viewing percentage utilization or total errors data for multiple ports in an Extreme Networks switch, a switch slot, or a port group. • Viewing historical utilization, total errors, or individual errors data for a specific port on an Extreme Networks switch. Overview of Real-Time Statistics The Real-Time Statistics feature of the EPICenter software enables you to view a graphical presentation of utilization and error statistics for Extreme Networks switches in real time. The data is taken from Management Information Base (MIB) objects in the etherHistory table of the Remote Monitoring (RMON) MIB. The Real-Time Statistics function is supported only for Extreme Networks switches. NOTE You must have RMON enabled on the switch in order to collect real-time statistics for the switch. You can view data for multiple ports on a device, device slot, or within a port group, and optionally limit the display to the “top N” ports (where N is a number you can configure). If you choose to view multiple ports, the display shows data for the most recent sampling interval for the selected set of ports. The display is updated every sampling interval. You can also view historical statistics for a single port. If you choose to view a single port, the display shows the value of the selected variable(s) over time, based on the number of datapoints the MIB maintains in the etherHistory table. You can choose from a variety of styles of charts and graphs as well as a tabular display. EPICenter Software Installation and User Guide 267 Real-Time Statistics You can view the following types of data: • Percent Utilization for each port in the set (device, port group, or single port). Percent utilization reports the value of the etherHistoryUtilization MIB object. The MIB defines this variable as follows: Table 9: Definition of RMON Utilization Variable Used in Port Utilization Displays etherHistoryUtilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval, graphed in percents. • Total Errors for each port in the set (device, port group, or single port). Total Errors is the sum of the six error variables shown in Table 10. • Individual Errors for a single port. An individual errors display shows the six variables shown in Table 10. Table 10: Definition of RMON etherHistory Error Variables for Port Error Displays etherHistoryCRCAlignErrors The number of packets received during this sampling interval that had a length between 64 and 1518 octets, inclusive (excluding framing bits but including Frame Check Sequence (FCS) octets), but that had either a bad FCS with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). etherHistoryUndersizePkts The number of packets received during this sampling interval that were less than 64 octets long (excluding framing bits but including FCS octets) and were otherwise well formed. etherHistoryOversizePkts The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets) but were otherwise well formed. etherHistoryFragments The total number of packets received during this sampling interval that were less than 64 octets in length (excluding framing bits but including FCS octets) had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). etherHistoryJabbers The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). etherHistoryCollisions The best estimate of the total number of collisions on this Ethernet segment during this sampling interval. You can choose to have the component tree show the device name only, the device name followed by the IP address in parentheses, or the device IP address followed by the device name in parentheses. See Chapter 16, “Administering EPICenter” for more details about how to display the device in the component tree. 268 EPICenter Software Installation and User Guide Displaying Multi-port Statistics Displaying Multi-port Statistics When you click the RT Stats button in the Navigation Toolbar, the main Real-Time Statistics page is displayed, as shown in Figure 123. Initially, no data is displayed—you see a message asking you to select a device, device slot, or port group to be displayed. The Component Tree displays the devices and port groups for which you can display statistics. An “S” in a red circle next to a device name indicates that the device is not responding to SNMP requests. A port group with a red-circled “S” indicates that the port group is empty. NOTE The Real-Time Statistics applet does not support hierarchical port groups. If you have created port groups in the Grouping Manager that include subgroups as members, the subgroups will not appear in the Component Tree of the Real-Time statistics applet. Instead, any ports that are members of subgroups will be displayed directly under the top-level port group, as if they are members of the top-level group. Figure 123: Real-Time Statistics main page For an individual port, you can display individual errors in addition to utilization and total errors. • Select a network device to display data for some or all ports on the device. • Select a port group to display data for all ports in the port group. You will first see a message saying “Please wait, loading statistics data.” If the EPICenter server is successful in accessing the data, utilization data is displayed as shown in Figure 124. EPICenter Software Installation and User Guide 269 Real-Time Statistics Figure 124: Bar chart showing port statistics for a group of ports If you place the cursor near a bar in the chart, a pop-up window shows the port number and device, actual data value, and the time stamp on the data sample. You can use the mouse to change the depth and rotation of a 3-dimensional chart: • Hold down the [Shift] key, press the left mouse button, and drag the cursor left or right to rotate the graph. • Hold down the [Ctrl] key, press the left mouse button, and drag the cursor up or down to set the depth of the 3-dimensional view. For any of the bar graphs, move the cursor and then wait to see the change take effect, which may take a few seconds. There are cases where you may not see data for every port you expect in a multi-port display: • You have selected the “top N” feature (top 15 by default), so only the “N” ports with the highest utilization or the highest total number of errors are displayed. • RMON is disabled for some ports on the switch. If the switch as a whole can be reached and is reporting data, then individual ports that do not report data will be ignored. No error message appears in this case. If the EPICenter server is not successful in loading data from the device, it displays a message similar to that shown in Figure 125. 270 EPICenter Software Installation and User Guide Displaying Statistics For a Single Port Figure 125: Warning displayed when the EPICenter server cannot retrieve data There are several reasons why the EPICenter server may not be able to display any device data: • The EPICenter server cannot communicate with the device (indicated by an “S” in a red circle next to the device name). • The device does not have RMON enabled, or RMON was just recently enabled and no data samples exist yet. • The device is marked offline. Displaying Statistics For a Single Port In addition to displaying data for a set of ports, you can display historical data for an individual port. You can select a port in one of two ways: • Double-click on the data point for an individual port in the device or port group statistics display (bar, data point, or pie slice in the respective chart, or row in a tabular display). • Click on a device, device slot, or port group in the left-side Component Tree to list the ports it contains, then select a port. A set of utilization statistics for the selected port is displayed, as shown in Figure 126. EPICenter Software Installation and User Guide 271 Real-Time Statistics Figure 126: Utilization data over time for an individual port on a device The number of data points displayed, and the sampling interval are user-configurable parameters, within the limitations of the device configuration. The defaults are: • A 30-second sampling interval • 50 data points displayed NOTE For BlackDiamond switches, only 25 data points are displayed because that is the maximum number of values the switch stores as historical data. For an individual port, you can display individual errors in addition to utilization and total errors. • Select the tab at the bottom of the page to generate one of these displays. Figure 127 is an example. 272 EPICenter Software Installation and User Guide Changing the Display Mode Figure 127: Individual errors in a single-port chart Changing the Display Mode The icons at the top of the page let you select the format of the statistical display, and control several other aspects of the display. Select this to determine whether the display for a device or port group will include all ports, or only the top N ports (where N is initially fifteen). Click the icon to toggle between the red X, which indicates the top N limitation is not in effect, and a green check, which indicates that the top N ports are being displayed. The top N ports are displayed in order from highest (largest percent utilization or largest total errors) to lowest. The number of ports (N) is a user-configurable setting. This option is available only for multi-port displays. Select this to display the data as a line graph. This chart type is especially useful when displaying individual errors for a single port. Select this to display the data as a pie chart. This chart type is available only when you are displaying statistics for multiple ports on a device, device slot, or in a port group. The maximum number of slices in the pie is a user-configurable setting. It is initially set to display 10 slices. EPICenter Software Installation and User Guide 273 Real-Time Statistics Select this to display the data as a bar chart. A 3D bar chart is the default for all chart displays. The 3D setting is also a user-configurable option. Select this to display the data as a horizontal bar chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option. Select this to display the data as a stacked bar chart. This chart type is only available when you are displaying individual errors for a single port. Select this to display the data as an area chart. This chart type by default displays in 3D. The 3D setting is also a user-configurable option. Select this to display the data as a table. Select this to zoom in on (magnify) the size of the display. You can select this repeatedly to zoom up to three times the screen size. Select this to zoom out (shrink) the size of the display. You can select this repeatedly until the chart is the desired size. Select this to display grid lines on the background of the chart. Determines whether the graph data is updated automatically at every sampling interval. Click on the icon to toggle between continuous updates, and suspended updates. Select this to take a “snapshot” of the graph or table view of the current real-time statistics data. Select this to bring up the graph preferences pop-up window. You can change a variety of settings, such as graph and data colors, the sampling interval, or the number of ports in a top N display. Setting Graph Preferences To change the graph settings used in this applet, click the Set Graph Preferences icon in the toolbar. The Graph Preferences window is displayed, as shown in Figure 128. 274 EPICenter Software Installation and User Guide Setting Graph Preferences Use the tabs across the top of the window to select the type of setting you want to change. Each tab displays a page with a group of related settings. When you have changed any setting you want on a given page: • Click Apply to put the changes into effect, but keep the Graph Preferences window open so you can make changes on another page. • Click OK to put the changes into effect and close the Graph Preferences window. NOTE The Graph preferences settings are not persistent—if you log out and close your EPICenter Client or browser, the settings will return to the defaults. Graph View (Figure 128) lets you change from 3D to 2D displays, and change the values for the 3D depth, elevation and rotation. Figure 128: Setting 3D graph preferences • To change to a 2D graph view, click the Set 3D Graph View box to remove the check mark. • View Depth controls the depth of a bar. The default is 10, maximum is 1000. • View Elevation controls the elevation (rise) from the front of the bar to the back, in degrees. The default is 10°, range is ±45°. • View Rotation controls the angle of rotation of the bar, in degrees. The default is 12°, range is ±45°. • Minimum Graphed Utilization specifies the minimum scale for the Y axis for utilization graphs. The default is 1.0 (1%), meaning that the Y axis will not show less than 1% as the top value of the Y axis. • Minimum Graphed Errors specifies the minimum scale for the Y axis for error graphs. The default is 25, meaning that the Y axis will not show less than 25 errors as the top value of the Y axis. EPICenter Software Installation and User Guide 275 Real-Time Statistics Graph Colors (Figure 129) lets you set the colors for the graph background and text (data and axis labels). Figure 129: Setting graph color preferences • To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. • Set Graph Background Color sets the color of the background surrounding the graph. • Set Graph Foreground Color sets the color of the text and bar outlines. • Set Plot Background Color sets the color of the background behind the graph data. Data Colors (Figure 130) lets you set the colors used for the various data sets in your graph. Figure 130: Setting data color preferences • To change a color, click on a button with the color bar icon. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. • Data Color 1 is the color used for Utilization and Total Error graphs. • Data colors 1 through 6 are used for the different errors in a individual errors chart. • Data colors in order starting from 1 are used in a pie chart, for as many slices as you’ve specified. (If you specify more than 12 slices, the colors will repeat, with slice 13 using the same color as slice 1). 276 EPICenter Software Installation and User Guide Taking Graph Snapshots Graph Data (Figure 131) lets you set several miscellaneous graph parameters. Figure 131: Setting other graph preferences • Top N Display Count specifies the number of ports to include in a Top N display. The default is 15, maximum is 100. • Pie Slice Display Count specifies the number of slices to display in a pie chart. The default is 10, maximum is 50. • Historical Data Display Count specifies the number of historical data points to display in a graph for an individual port. The default is 50, the maximum value you can set is 100. However, the actual maximum number of data points you can get is determined by the SNMP agent running in the device from which you are getting data. • Historical Data Sampling Interval is the sampling interval to use when displaying historical data. Select a choice from the pull-down list. The choices in the list are determined by the configuration of the device from which you are getting data. Taking Graph Snapshots The Real-Time Statistics Snapshot feature lets you take a static image of a graph or table view of the current real-time statistics data. The snapshot generates a persistent HTML page that is displayed in a separate window (see Figure 132). EPICenter Software Installation and User Guide 277 Real-Time Statistics Figure 132: Snapshot of Real-Time Statistics graph display To take a snapshot, click the camera icon located in the toolbar at the top of the RT Statistics applet window. The snapshot image will be displayed in a new window in the same form (graph or table) as it was in the RT Statistics applet. Graph images reflect the current display size and graph type (pie, bar, etc.). From the window, the snapshot image can be saved as a file, printed, or sent by e-mail, just as with any other HTML page. When a graph image is displayed in the window, you can click a link below the initial display to change the way the data is displayed: • display table reformats the data as a table • display graph/table displays both the graph and table formats on the same HTML page • display graph image displays the data as a graph, in the style in which it was displayed when the snapshot was taken. NOTE Once you select “display graph image” you can no longer change the display format to a table or to a dual display. However, you can use the browser “Back” button to go to the previously displayed page. When you snapshot a table, you cannot change to a graph from within the snapshot image window. The HTML page persists in a snapshot image cache until the EPICenter server is restarted, or until the image cache becomes full. When the image cache reaches its limit, older snapshot images will be deleted as needed to make room for new snapshot images. 278 EPICenter Software Installation and User Guide Viewing Device Information from Pop-up Menus Viewing Device Information from Pop-up Menus You can select a device, a slot, or a port in the Component Tree, then right-click to display a pop-up menu that contains the Properties command. The Properties command displays the attributes for a specific device group, device, slot, or port. The device pop-up menu also contains the Alarms, Browse, EView, Sync, Telnet, and VLANs commands. All of these commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with the appropriate device displayed. Properties The Properties function lets you view the attributes for a selected device, slot, or port. Device To view the Properties display for a selected device: • Right-click on the device, then select Properties from the pop-up menu that appears The Device Properties window appears and displays the attributes for the selected device. See “Device Properties” on page 281 for details on using this feature. Slot To view the Properties display for a selected slot: • Right-click on the slot, then select Properties from the pop-up menu that appears The Slot Properties window appears and displays the attributes for the selected slot. See “Slot Properties” on page 282 for details on using this feature. Port To view the Properties display for a selected port: • Right-click on the slot, then select Properties from the pop-up menu that appears The Port Properties window appears and displays the attributes for the selected port. See “Port Properties” on page 283 for details on using this feature. Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5, “The EPICenter Alarm System” for details on using this feature. EPICenter Software Installation and User Guide 279 Real-Time Statistics Browse The Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new web browser window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10, “Using ExtremeView” for details on using this feature. Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. See Chapter 7 for details on using this feature. Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device: • Right-click on the device, then select Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7, “Using the Interactive Telnet Application” for details on using this feature. 280 EPICenter Software Installation and User Guide Displaying Properties VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database. See Chapter 13, “Using the VLAN Manager” for details on using this feature. Displaying Properties You can view the properties of a device group, device, slot, or port in the EPICenter database. This section describes how to view properties through the ExtremeView applet. Device Group Properties You can view summary information for all device groups, or view information about individual device groups. To view summary information for all device groups, right-click on the Device Groups component and select Properties from the pop-up menu. The Device Groups Properties window appears, showing the All Device Groups display. This displays a list of the current device groups and their descriptions. For more details about this display, see Chapter 4 “Using the Inventory Manager.” You can also view properties for a specific device group. To view properties for a specific device group, right-click on a device group and select Properties from the pop-up menu. The Device Group Properties window appears, showing information about the selected group. This includes the group description, the number of devices in the group, and a list of the devices. For more details about this display, see Chapter 4 “Using the Inventory Manager.” Device Properties To view properties for a device, right-click on a device in the Component Tree and select Properties from the pop-up menu that appears. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages EPICenter Software Installation and User Guide 281 Real-Time Statistics Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab The VLAN tab lists the VLANs configured on the device. The STP Tab The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about each Syslog Message received from the device. For more details about the Device Properties window, see Chapter 4 “Using the Inventory Manager.” Slot Properties You can view summary information about a specific slot in a modular device. To view properties for a slot, click on the plus sign of a modular device to display the slots for that particular device. Right-click on a slot and select Properties from the pop-up menu that appears. The Device Slot Properties window contains two tabs. The Slot tab displays information about the slot such as the number or letter of the slot, the type of module that is inserted into the slot, and the serial number of the module. If you have a module that requires a special version of ExtremeWare to be installed, the window also displays information such as the primary, secondary, and current software images running on the module as well as the current BootROM image running on the module. The main section of the window presents the same information you can view in the ExtremeView applet for the slot. The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the slot. For more details about this display, see Chapter 10 “Using ExtremeView.” 282 EPICenter Software Installation and User Guide Displaying Properties Port Properties You can view summary information about a specific port in a device. To view properties for a port in a modular device, click on the plus sign of a device to display the slots for that particular device. Click on the plus sign of a slot to display the ports for that particular device. Right-click on a device and select Properties from the pop-up menu that appears. To view properties for a port in a non-modular device, click on the plus sign of a device to display the ports for that particular device. Right-click on a device and select Properties from the pop-up menu that appears. The Device Port Properties window displays two tabs. The Port tab displays information about the port such as the number of the port, whether the port is enabled or disabled, and the load sharing state of the port. The main section of the window presents the same information you can view in the ExtremeView applet for the port. The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the port. For more details about this display, see Chapter 10 “Using ExtremeView.” EPICenter Software Installation and User Guide 283 Real-Time Statistics 284 EPICenter Software Installation and User Guide 12 Network Topology Views This chapter describes how to use the EPICenter Topology View applet for: • Viewing EPICenter Topology maps • Creating new topology views • Adding, moving and deleting map elements (nodes and links) • Setting display properties for individual maps or a complete topology view • Modifying the layout of a topology map • Displaying the alarm browser, telnet window, real-time statistics, a front panel view, VLAN Manager, ExtremeWare Vista, or the Properties dialog for a specific node on the map Overview of EPICenter Topology Views EPICenter’s Topology applet allows you to view your network (EPICenter-managed devices and the links between devices) as a set of maps. These maps can be organized into sets of submaps that allow you to represent your network as a hierarchical system of campuses, buildings, floors, closets, or whatever logical groupings you want. You can also create additional topology views (sets of maps) so you can create several different representations of your network for different purposes. For views with the Auto Populate View option enabled, the Topology applet automatically adds device nodes as they are added to EPICenter’s device inventory. It also adds any links that exist between the device nodes, and organizes them into submaps as appropriate. You can customize the resulting maps by moving elements, adding new elements, such as links, “decorative” (non-managed) nodes, and text, and customizing the device nodes themselves. The Default view, which appears when you first access the Topology applet, is auto-populated with the devices currently in EPICenter’s inventory. NOTE Links can only be discovered and auto-populated between Extreme Networks devices that have the Extreme Discovery Protocol (EDP) enabled. Links cannot be discovered on non-Extreme Networks devices, on Extreme Networks devices with EDP disabled, or on devices running the following versions of ExtremeWare: versions prior to 4.1.19b2, version 5.x, or version 6.0.x. Links can be discovered on devices with EDP enabled running ExtremeWare 4.1.19 b2, 4.1.20, or 4.1.21, or ExtremeWare 6.1 or later. EDP is enabled by default on these Extreme Networks devices. EPICenter Software Installation and User Guide 285 Network Topology Views In addition, from a managed device node on the map, you can invoke other EPICenter functions such as the alarm browser, Telnet, real-time statistics, a front panel view, the VLAN Manager, or ExtremeWare Vista for the selected device, or view device properties from a Properties window. Maps are initially created in a layout based on information in EPICenter’s device inventory about the devices and their connectivity. You can customize the layouts into hierarchical views using cut and paste, or by deleting devices from a map and then adding them to a different map. You can also add and remove “decorative” nodes (nodes that aren’t discovered or managed by EPICenter) and links. Displaying a Network Topology View Click the Topology button in the EPICenter Navigation Toolbar to display the main Topology View page, as shown in Figure 133. NOTE If you have not yet performed a Discovery (i.e. there are no devices in EPICenter’s Inventory database) the map will be blank. Figure 133: The Topology View Submap node Information Hyper node Device nodes panel View name Text node L2 cloud node Links Decoration node A View is a unique, named hierarchy of maps, consisting of a root map and optional submaps, depending on the topology of the network. The current View name is displayed in the pull down field at the left of the icon bar. 286 EPICenter Software Installation and User Guide Displaying a Network Topology View A Map is a collection of nodes and links. The top portion of the left-hand panel displays the Map Hierarchy Tree. This starts at the root map and shows the hierarchy of submaps in the current topology view. The current map name is highlighted. The bottom portion of the left-hand panel is the Map Element Description panel, that displays information about the currently selected map element if one (and only one) is selected. Otherwise, the panel is empty. The main panel displays the currently selected map in the current topology view. Only one view and map can be displayed at a time. Map Elements The following elements can appear on a map: Device Nodes. Device nodes represent the managed devices found in EPICenter’s Inventory data base. Figure 134: Example of device nodes, including an unknown device type A device node shows the following information: • The name of the device as it is kept in the Inventory database (this can be hidden using View or Map properties). • An optional, user-supplied annotation for the node. • A small icon representing the specific device or device product line, if the device is of a known type, or an “unknown” device icon (a circle with a question mark) as shown in Figure 134. (This can be hidden using View or Map properties.) • The device’s IP address. • The device status, indicated by the color of the icon border. — A green border indicates that the device is up. — A red border indicates that the device is down. Each managed device known to EPICenter can only appear once in each topological view. Submap Nodes. A submap node represents a child map of the current map. Figure 135: Example of a submap node The submap node icon shows the following information: • The name of the node (submap), which can be edited. By default, it is given the subnet address/subnet mask as the name. EPICenter Software Installation and User Guide 287 Network Topology Views • A submap icon, as shown in Figure 135. A submap node does not provide any additional status information. L2 Cloud Nodes. An L2 cloud map node provides connectivity between devices when the details of the connectivity cannot be determined. For example, if there is a hub between two devices, the Topology applet will place an L2 cloud between the devices. L2 clouds are created automatically as needed. Figure 136: Example of an L2 cloud node The L2 cloud node icon shows the following information: • The name of the node (cloud), which can be edited. By default, it is named L2C. • A cloud icon, as shown in Figure 136. (This can be hidden using View or Map properties.) An L2 cloud node does not provide any status information. NOTE You cannot add L2 cloud nodes; they are placed automatically by EPICenter as required by device connectivity. You can remove them, but they may be replaced automatically by EPICenter if still needed. There may be situations where EPICenter creates an L2 cloud that is not really necessary. For example: • An L2 cloud may be created as devices are added to the map, but when the final topology is known, the L2 cloud is no longer necessary. • When one end of a link is moved, EPICenter will represent this as two links —one link that is down (the old endpoint port) and a new link that is up (the new endpoint). It will also determine that these two links share the same endpoint, so there must be a hub between these ports and the device at the other end. Thus, EPICenter will create an L2 cloud to represent the hub. In either of these cases, you can use the Discover Links command to remove unnecessary links and L2 clouds. See “Discovering Links Between Devices” on page 300 for more information on the Discover Links function. Hyper Nodes. A hyper node represents a link termination when the actual terminating node (device or cloud) is present on another map. Thus, a hyper node will show the same information as the node it represents (except for the optional node annotation): Figure 137: Example of hyper node icons representing a device and an L2 cloud 288 EPICenter Software Installation and User Guide Displaying a Network Topology View A hyper node icon shows the following information: • The name of the device or cloud node that this hyper node represents (this can be hidden using View or Map properties). • An optional, user-supplied annotation for a device hyper node. This is a different annotation than will appear in the device node that this hyper node represents. • A hyper node icon, as shown in Figure 137. • The device IP address, for a device hyper node. • The device status, for a device hyper node, as indicated by the color of the icon border: — A green border indicates that the device is up — A red border indicates that the device is down An L2 cloud hyper node does not show any status information. NOTE You cannot add, cut, or delete hyper nodes; they are placed and removed automatically by EPICenter as required by device connectivity. Decorative Nodes. A decorative map node can be created by the user to represent any other type of node that is not discovered or managed by EPICenter, such as a server or workstation. Figure 138: Example of a decorative node A decorative node shows the following information: • The name or description of the node, which can be edited • A decorative node icon, as shown in Figure 138. (This can be hidden using View or Map properties.) Text Nodes. A text map node is a single-line text field that can be placed anywhere in a network map. It can be used to create a title for the map, additional annotations for other map elements, comments, and so on. Links. A link represents connectivity between nodes in the map. Links can be automatically detected on Extreme Networks devices with EDP enabled. NOTE For third-party devices or Extreme Networks devices with EDP disabled or not supported, you can manually add links to the map to represent connectivity between devices. However, these links will always have unknown status, will not display endpoint or utilization information, and will not be updated when the map topology changes. The behavior of links described in the following paragraphs does not apply to manually-added links. When a discovered link connects two devices on the same map, the link will be annotated with the port number, or slot and port number for each of the endpoints, as shown in Figure 139. EPICenter Software Installation and User Guide 289 Network Topology Views Figure 139: Example of a gigabit link showing endpoint connectivity and Up status When one of the endpoints is within another submap, the annotation will include the device name or IP address of the device that contains the endpoint within the submap. Whether the IP address or device name is used depends on the setting of the Device Tree UI property in the Administration applet—the one that appears first is used. When the endpoint of a discovered link is not known (the link terminates in a L2 cloud) the unknown port is indicated with a question mark. NOTE If there are more than 400 nodes on a map, link annotations are not displayed. If there are multiple links running between two devices, each link is shown individually as long as there are 25 links or less. If more than 25 links connect two devices, they are represented as a composite link. For a composite link, the link annotation provides the total number of links in the composite and the number of links in each applicable status category (up, down, partially up, or unknown). A link also shows the following information: The width of the link line indicates the link type: • A thick line indicates a gigabit link • A thin line indicates a 10/100 link • A very thick line indicates a composite link. The color of the link line indicates the link status: • A green line indicates that the link is up • A red line indicates that the link is down • A yellow line may be displayed for composite or load-shared links: — For a composite link, yellow indicates that some of the links in the composite are up, and some are down or unknown. — For links that are members of a load shared group, yellow indicates that one or more load-shared links are down. All links in the group will be displayed as yellow if one or more of the links in the group is down. • A grey line indicates that the link status is unknown A broken line (when viewing VLANs) indicates that the selected VLAN does not exist or may be misconfigured at one of the endpoints. If RMON statistics are enabled for the map, then link utilization (as a percentage of link capacity) will be displayed for each port on a link between devices that have RMON enabled in the device. The utilization is updated at the nominal RMON rate as set in the switch—typically every 30 seconds. The default is that RMON statistics are not enabled for a map. To enable the display of RMON statistics, see “Setting Map Properties” on page 311. 290 EPICenter Software Installation and User Guide Displaying a Network Topology View NOTE If RMON statistics are not enabled in the switch, then no statistics will be displayed, even if you enable the display of RMON statistics for the map. Manipulating Map Elements Map elements (nodes and links) can be resized, cut to a clipboard, pasted, deleted and added. There are a number of ways to invoke these actions: • Select a command from one of the menus in the Topology View menubar • Select a command from a pop-menu enabled with a right-cursor click on the map background • Select a command icon from the Topology View toolbar • Use one of the Topology applet keyboard short cuts, or (under Windows 2000 or Windows XP) through the regular Windows mouse and cursor actions and keyboard shortcuts For example, you can resize an individual node by selecting the node and doing one of the following: • Use the cursor to grab one of the resize handles that appear when the node is selected, and drag the handle to resize the node • Select the Inflate Nodes or Deflate Nodes command from the Map Menu • Use the keyboard shortcuts ([Alt]+I or [Alt]+D) for those commands (see the sections “Inflating the Map Nodes” and “Deflating the Map Nodes” on page 309). Map Element Description Panel When you select a map node or link with the cursor, the panel below the Map Hierarchy Tree displays information about the node or link. Map Nodes For map nodes the information panel displays the following: • Name: The node name—can be edited for submap nodes, L2 cloud nodes, decoration and text nodes. Cannot be edited for device nodes and device hyper nodes. • Annotation: an optional identifier for device nodes and device hyper nodes • Type: The type of node (Device, Submap Node, L2 Cloud, Decoration Node, Text Node, or Hyper Node) • Status: The node status (Up, Down, or None) • IP: IP address for a Device node, n/a for any other node type • MAC: MAC address for a Device node, n/a for any other node type • Vendor: Device vendor name for a Device node, n/a for any other node type • Product: Product name for a Device node, n/a for any other node type • Device: Device name obtained from the sysName variable for a Device node, n/a for any other node type • VLANs/Ports list: If the Display VLANs option is enabled, displays the VLANs configured on the device. Appears for Device Nodes and Device Hyper Nodes only. EPICenter Software Installation and User Guide 291 Network Topology Views Link Nodes For individual links, the information panel displays the following information: • Status: The status of the link—up, down, partially up (for load-shared links only) or unknown. Partially up indicates that one or more of the links in the load shared group is down. In this case, all other links in the load-shared group are considered partially up. • Type: The link type (speed) —10/100, 1000, or unknown • Load shared: Whether the link is load shared (yes or no) In addition, for each link endpoint, the following information is displayed: • Node: The name of the node that contains the endpoint • Device: The name of the device represented by the endpoint node • Port: The device port or slot and port to which the link connects, if known • Load Shared Ports: The device represented by the endpoint node is not displayed if the port is not load shared. • Utilization: The utilization percentage, if RMON is enabled on the device and if RMON statistics are enabled for this map. The default is that RMON statistics are not enabled for a map. This is updated regularly, typically every 30 seconds • Total errors: The total errors, if RMON is enabled on the device and if RMON statistics are enabled for this map. This is updated regularly, typically every 30 seconds • VLANs/Ports list: Displays the VLANs configured on that port. Composite Link Nodes For composite links, the information panel displays the following information: • Status: The overall status of the composite link— up, down, partially up, or unknown. Partially up indicates that some links in the composite are up, some are down. • Link count: The number of individual links in the composite link. • Links Status: The number of links up, partially up, down and unknown. In addition, for each link endpoint, the following information is displayed: • Endpoint 1 and Endpoint 2: The name of each endpoint node • Endpoint 1 device and Endpoint 2 device: The device type or each endpoint node • A table showing the endpoint ports (or slot and port) for each individual link in the composite link, along with the link status and whether the link is load shared. You may need to move the right side boundary of the panel to see the last two columns. Manipulating Topology Views and Maps You can create new topology views or move elements around on existing maps in a number of ways. The Topology View applet provides a number of ways to invoke the various commands and functions: • A series of pull-down menus. All commands and functions can be accessed from these menus • A set of icons that represent a commonly-used subset of the functions available 292 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps • A pop-up menu you can invoke by clicking the right mouse button on any unoccupied area of the map background • A pop-up menu you can invoke by right-clicking on a Device map node • Keyboard shortcuts for some functions The various methods you can use to perform a command are described under each command or function. Creating a New View or a New Map The Default map contains all the network devices known to EPICenter, arranged based on EPICenter’s internal algorithms (see the discussion on page 294 in the section “Displaying a Network Topology View”). However, it is often convenient to create views based on other criteria, such as physical location, departmental organization, and so on. The Topology applet lets you create additional views that organize your network elements in any way you wish. Creating a New View You can create a new view (and its Root Map) by selecting New View from the New menu. A Create New View dialog box opens, as shown in Figure 140. Figure 140: Creating a new View • Enter a name for the view. • Select the Auto populate view option to add the devices currently in the EPICenter inventory database to the new View. Submaps, L2 clouds and hyper nodes will be created as needed. In addition, as new devices are added to EPICenter, they will also be added to the view. If you do a Discovery after you have created a view with the auto populate option enabled, all new discovered devices will be added to the view.See “Node Placement Criteria in an Auto Populate View” on page 294 for detailed information. • Uncheck the Display device names checkbox to hide device names on the maps. The default is to display the names. • Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons representing specific device types. The default is to use device icons. • Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on). The default is a 12 point font. EPICenter Software Installation and User Guide 293 Network Topology Views If your map will contain a large number of nodes, you may need to eliminate the device names and node icons from the display, and reduce the font size in order to fit all the map elements onto a map with adequate spacing. When you click OK, a new root map is displayed. If the Auto populate view option is not selected, a new blank root map is displayed. If Auto populate view is selected, nodes, submaps and other map elements are created based on the current EPICenter inventory. The new view name appears in the View field at the left of the icon bar. Each newly-created map inherits the current view’s properties for display node names, display node icons, and map node font size. Displaying a View You can display the Default view or any other views you have created by selecting the View name from the pull down list in the View field. Renaming a View You can rename the view by clicking in the View field and typing over the view name. Click away from the View field to commit the change. Node Placement Criteria in an Auto Populate View When you do a Discovery or add a device in the Inventory applet, the newly added devices are placed into the default topology view (named “Default”). If you have created other maps with the Auto Populate View feature enabled, those views are also populated with the newly added devices. Device connectivity and the map hierarchy is determined by the information learned from the EPICenter database. For views with the Auto Populate View option enabled, EPICenter places devices on the Root Map or into submaps based on the following criteria: • Devices with IP Forwarding enabled are always placed on the Root Map • Devices without IP Forwarding enabled are placed in submaps based on the subnet mask associated with the IP interface used by EPICenter to manage the device. In the Default view, submaps are named based on the subnet IP address plus the subnet mask: for example, 10.205.0.0/16, 10.205.0.0/24, and so on. Both Extreme and third-party devices are placed using these rules. For Extreme devices, you can find the subnet mask and IP Forwarding status by looking at the device in the VLAN applet. For third-party devices, you must query the device itself if you want to determine these settings. Within a map, the Topology Manager attempts to optimize the layout to minimize node and link overlap. If there are more than 400 links in a single map, the Topology Manager does not put labels (annotations) on the links. It displays a warning telling you that link labels will not appear. If there are more than 400 nodes to be placed in a single map, the Topology Manager displays a warning that computing the default layout may take a significant amount of time (see Figure 141). You can then choose to have the nodes laid out in a simple row/column grid. 294 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps Figure 141: Map layout warning for placement of more than 400 nodes If you want to proceed with the default (optimized) layout, check the Default Map Layout checkbox. Even though the default layout may take a long time, it only needs to be done once, and produces a more optimal layout. To specify a grid layout (which may result in overlapping links) check the Grid Map Layout checkbox. To bypass the layout process, check cancel. Figure 143 shows an example of a the default layout for a 405 node map. Figure 143 shows the same nodes in a grid layout. Figure 142: Example of a default layout for a 410 node map EPICenter Software Installation and User Guide 295 Network Topology Views Figure 143: Example of a grid layout Creating a New Submap You can create a new map by doing one of the following: • Select New Map from the New menu • Click the “Create new map” icon on the icon bar: A new submap node appears on the map, and a New Map entry appears in the map hierarchy tree, as shown in Figure 144. 296 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps Figure 144: Adding a new map To give the submap a different name, select the submap node, and change the name in the name field in the Information panel. The change will take effect when you click away from the submap node. You can also change the name of any map (including the Root Map) by clicking slowly twice on the name in the Map Tree Hierarchy. This puts you into an edit mode where you can change the name. When editing the map name in either location, you can cancel the edit with the [Esc] key, as long as you have not yet committed it. You can commit the change with the [Enter] key, or by clicking in a different panel from the one where you are editing. Adding Elements to the Map You can add a variety of elements to your map: device nodes, submap nodes, links, decorative nodes, and text “nodes”. Adding a Device Node You can add device nodes to your map by doing one of the following: • Select New Device Map Node from the New menu • Right-click on the map background to display the pop-up menu, then select New Device Map Node • Click the “Create new device map” node icon on the icon bar: A pop-up window appears with a list of all devices currently known to EPICenter, that are not already used somewhere in this view. A count of devices in the list is displayed at the top of the window. If all devices known to EPICenter are already placed in this view, a message window informs you of that fact. To add a device node to the map, select the device and click OK.The device node will appear on the map, identified by the information from EPICenter’s inventory database. EPICenter Software Installation and User Guide 297 Network Topology Views If the device has known links to other devices already on the map, or on other submaps within the same view, those links will also be placed on the map. An L2 cloud node or a hyper node, may also be placed on the map, if required for connectivity between the devices. If all devices known to EPICenter are already placed in this view (on any of the maps in the view) the pop-up window will inform you of that fact. L2 Cloud Nodes and Hyper Nodes. You cannot add L2 cloud nodes and you cannot add or remove hyper nodes to or from your map; they are added automatically if the connectivity between device nodes requires it. Adding a Decorative Node You can add a decorative node to your map by doing one of the following: • Select New Decorative Map Node from the New menu • Right-click on the map background to display the pop-up menu, then select New Decorative Map Node A decorative map node is a node that can be used to represent any component of your network that is not recognized or managed by EPICenter. You can change the node name by selecting the node, and editing the contents of the name field in the Information panel. The change will take effect when you click away from the submap node. Adding a Text Node You can add a text node to your map by doing one of the following: • Select New Text Map Node from the New menu • Right click on the map background to display the pop-up menu, then select New Text Map Node A text map node can be used to annotate your map, such as to create a title for the map. Adding a Map Link There may be situations where you want to represent a link between devices when a “real” link cannot be detected by EPICenter. This may be the case if EDP is disabled on a device, if the device is a non-Extreme Networks device, or if EDP is not supported by the version of ExtremeWare running on the device. In these cases you can add a link between nodes on your map by doing the following: • Select New Map Link from the New menu A link is added to your map, as shown in Figure 145. 298 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps Figure 145: Adding a link to your map To attach the link between two map nodes: 1 Select one of the red triangles, then wait until a move cursor appears 2 Drag and drop one end of the link onto one of the node you want to connect 3 Do the same with the other end of the link After the link is connected, you can specify endpoint for the link. To specify the end points: 1 Select the link 2 In the Information panel, select the port for the endpoint from the list in the Port field for first device 3 Select the port for the other endpoint from the list in the Port field for second device, as shown in Figure 146 EPICenter Software Installation and User Guide 299 Network Topology Views Figure 146: Specifying ports for a new link connection There are a number of restrictions that apply to the behavior of manually-created links: • These links appear only on the map where they were created—they will not exist between the same devices in any other view. • These links are NOT update when the status or end-point of the real link it represents is changed. If, due to such a change, the real link is discovered by EPICenter (for example, the endpoint is moved to a device where EDP is enabled) a new link is created on the map in addition to the manually-created link. • If the device to which a manually-created link attaches is cut from the map, the link must be manually recreated when the device is pasted back. Discovering Links Between Devices EPICenter will eventually discover new links between devices or rediscover links you have deleted from the map if they are real existing links that are up. However, if you want to have EPICenter discover new links immediately, instead of waiting for the next polling cycle, you can use the Discover Links command. You can also use Discover Links to remove links that no longer exist. Since EPICenter cannot distinguish between a link that no longer exists and a link that is down, when a link is moved, EPICenter will continue to show the obsolete link as a down link. The Discover Links command will remove these. To have EPICenter rediscover all existing links between devices, do the following: • Select Discover Links from the New menu EPICenter will add or update the links that exist between the devices on your map, and will remove any links whose connectivity or status it cannot determine. It will also eliminate any L2 clouds that are no longer needed. 300 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps NOTE If there is a existing link that is down when you do a Discover Links, EPICenter will remove that link, since it cannot discover links from which it cannot get status. However, if you have auto-populate turned on for the map, the real link will be added back to the map once the link comes back up. Editing the Map You can edit your topology views in a number of ways, including changing the names of the views and maps, and cutting, pasting, or deleting map elements. Renaming a Topology View You can change the name of a view (including the Default view) by doing one of the following: • Select Rename View from the Edit menu • Click once on the view name in the view name field Either of these actions puts you into an edit mode where you can directly change or replace the contents of the field. Deleting a View To delete the entire current view, select Delete View from the Edit menu. You will be asked to confirm that you want to delete the entire view. This function deletes the currently displayed view, including all of its maps. Once the view is deleted, the next remaining view is displayed, if there are any other views. NOTE You can use this command to delete the Default view. However, if you do this, it will be difficult to recreate the view and its submaps. Renaming a Map You can change the name of the current map by doing one of the following: • Select Rename Map from the Edit menu • Click twice on the Map name in the Map Hierarchy Tree Either of these actions puts you into an edit mode where you can change or replace the name in the Map Hierarchy Tree. You can also change the name of the map in the Map Properties window, as discussed in “Setting Map Properties” on page 311. Deleting a Submap To delete a submap, you must first display the submap you want to delete, and delete all the elements on the map. You can then delete the submap by selecting Delete Map from the Edit menu. You can also delete a submap by clicking the submap node on its parent map. EPICenter Software Installation and User Guide 301 Network Topology Views You will be asked to confirm that you want to delete the map. NOTE A submap must be empty before you can delete it. You cannot use the Delete Map command to delete the Root Map. To delete the Root map you must delete the entire View with the Delete View command. Cutting Map Nodes You can cut selected device, decorative, or text nodes from the map in order to paste them in another location. • You can cut a submap node as long as it is empty • You cannot cut a hyper node. A hyper node will be removed automatically as appropriate, if all nodes on the current map that have links to that node, are removed • L2 cloud nodes can be cut, but cannot be pasted. To cut one or more nodes, do the following: 1 Select the nodes you want to cut. You can select multiple nodes by dragging the cursor to rubber-band the selection, or by using Shift-click (hold down the shift key while clicking the cursor on the nodes you want to select). 2 Cut the nodes by doing one of the following: — Select Cut Map Nodes from the Edit menu — Click the “Cut nodes from map” icon on the icon bar — Right-click on the map background to display the pop-up menu, then select Cut Map Nodes — Enter [Alt]+X from the keyboard NOTE You are NOT asked to confirm this action: if you cut a node by mistake, you will just need to paste it back again to the map. To remove nodes from the map without provision for pasting them, use the Delete Map Nodes command. Pasting Nodes onto a Map Once you have cut one or more nodes, you can paste them onto another map by doing one of the following: • Select Paste Map Nodes from the Edit menu • Click the “Paste” icon on the icon bar • Right-click on the map background to display the pop-up menu, then select New Device Map Node • Enter [Alt]+V from the keyboard These commands will only be available if there are cut nodes currently on the clipboard. 302 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps If nodes are pasted partially or completely on top of one another, you can use the Layout Map command (see “Map Layout” on page 305) to rearrange them. NOTE Cutting and pasting nodes does NOT preserve manually-created links between the nodes. Links that are automatically discovered may be recreated after the nodes are pasted, but links that were created manually must be recreated manually. NOTE If an L2 cloud node was among those you selected to cut, it may not necessarily be pasted back with the other nodes. Another L2 cloud is created only if EPICenter determines that it is necessary for representing device connectivity. Deleting Nodes from the Map You can delete selected device, decorative, or text nodes from the map, as opposed to cutting them for later pasting. • You can delete a submap node as long as it is empty • You cannot delete hyper nodes. A hyper node is deleted automatically when the actual node it represents is deleted • L2 cloud nodes are deleted when they are no longer needed. You can also delete them manually To delete one or more nodes, do the following: 1 Select the nodes you want to delete. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select). 2 Delete the nodes by doing one of the following: — Select Delete Map Nodes from the Edit menu — Right-click on the map background to display the pop-up menu, then select Delete Map Nodes CAUTION You will NOT be asked to confirm that you want to delete the nodes. If you delete nodes accidently, you will need to add them again to the map. Deleting Links from the Map You can remove one or more links from the map using the Delete Map Links command. To delete one or more links, do the following: 1 Select the links you want to delete. You can select multiple links by using Shift-click (hold down the shift key and click the cursor on the link you want to select). 2 Delete the links by doing one of the following: — Select Delete Map Links from the Edit menu — Right-click on the map background to display the pop-up menu, then select Delete Map Links EPICenter Software Installation and User Guide 303 Network Topology Views CAUTION Active links that were created automatically by EPICenter will be recreated automatically on the next polling cycle as long as the endpoints they linked are still present on the map. The only links that can be permanently deleted are manually-created links or links that cease to exist. CAUTION Links that have been deleted cannot be pasted. Manual links must be recreated manually. Selecting All Nodes in a Map You can select all the nodes in a map by doing one of the following: • Select Select All Map Nodes from the Edit menu • Enter [Alt]+A from the keyboard NOTE To move a multiple-node selection as a group, hold down the shift key while dragging to preserve the multiple-node selection. Setting View Properties You can change the properties you set when you created a new view (or change the properties of the Default view) using the View Properties... function. To display the View Properties window, do one of the following: • Select View Properties... from the View menu • Right-click on the map background to display the pop-up menu, then select View Properties... The View Properties window appears, as shown in Figure 147. Figure 147: Setting View properties for the current view 304 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps To change the properties for the current view, do the following: • Select the Auto populate view option to add the devices currently in the EPICenter inventory database to the View. Submaps, L2 clouds and hyper nodes will be created as needed. In addition, as new devices are added to EPICenter, they will also be added to the view. If you do a Discovery after you have created a view with the auto populate option enabled, all new discovered devices will be added to the view.See “Node Placement Criteria in an Auto Populate View” on page 294 for detailed information. • Uncheck the Display device names checkbox to hide device names on the maps. Check the checkbox to show the device names. • Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons representing specific device types. Check the checkbox to display node icons. • Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on). The default is a 12 point font. • Check the Update map properties checkbox to cause these settings to override any individual map settings for all current maps in this view. If you do not check this, exisitng maps will retain the current values of their map properties. NOTE Once you change these settings, any new (future) maps you create within this view will inherit the changed view property settings, regardless of the setting for the Update Map Properties property. Map Viewing Functions EPICenter’s Topology applet provides a number of ways to view and manipulate the layout of a topology map. The size and layout of map nodes is saved at every map operation (except for the map zoom level). Map Layout You can drag map nodes around on the map yourself, or you can have EPICenter lay out the map nodes for you. To have EPICenter do the map layout, do one of the following: • Select Layout Map from the Map menu • Click the “Layout” icon on the icon bar • Click with the right mouse button on the map background to display the pop-up menu, then select Layout Map • Enter [Alt]+L from the keyboard This calculates a default map layout, optimizing for node and link placement to minimize overlap. If necessary, the Topology Manager may create a layout that is larger than the visible window area. In this case, scroll bars allow you to view different parts of the map. If there are a large number of nodes, the Topology Manager gives you the option of using a grid layout instead of the default layout. See “Node Placement Criteria in an Auto Populate View” on page 294 for more information on how layouts are determined. Figure 148 shows the visible portion of the default layout produced for a map with approximately 100 nodes. EPICenter Software Installation and User Guide 305 Network Topology Views Figure 148: Default map layout optimized to minimize node and link overlap. You can use the Expand Map and Compress Map commands to increase or decrease the space between nodes in the map. You can also move map nodes by selecting them and dragging them to the location where you want them placed. Laying Out a Map in Window If the default map layout creates a map that is larger than the visible area of the Topology Manager window, you can have the Topology Manager attempt to optimize the map layout within the visible area of the window. To have EPICenter optimize the map layout within the current window, do one of the following: • Select Layout Map In Window from the Map menu • Click with the right mouse button on the map background to display the pop-up menu, then select Layout Map in Window • Enter [Alt]+M from the keyboard Figure 149 shows the same nodes as shown in Figure 148, but laid out to fit within the visible area of the window. 306 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps Figure 149: Map layout produced by Layout Map in Window command Fitting a Map in the Window If the default map layout is larger than the visible area of the Topology Manager window, you can have the Topology Manager shrink the map to fit into the visible area of the window. To have EPICenter shrink the map layout to fit within the current window, do one of the following: • Select Fit Map In Window from the Map menu • Click with the right mouse button on the map background to display the pop-up menu, then select Fit Map in Window • Enter [Alt]+W from the keyboard This function does not attempt to optimize the layout for node or link overlap. To attempt to optimize the layout, use the Layout Map in Window command. Figure 150 shows the effects of using the Fit Map in Window command on the map layout shown in Figure 148. EPICenter Software Installation and User Guide 307 Network Topology Views Figure 150: Map layout produced by Layout Map in Window command Expanding the Map The Expand Map function increases the length of the links between map nodes without changing the size of the nodes. To expand the current map, do one of the following: • Select Expand Map from the Map menu • Enter [Alt]+E from the keyboard Because this command affects map links, nodes that do not have links are not moved. Compressing the Map The Compress Map function decreases the length of the links between map nodes without changing the size of the nodes. To compress the current map, do one of the following: • Select Compress Map from the Map menu • Enter [Alt]+S from the keyboard Because this command affects map links, nodes that do not have links are not moved. Inflating the Map Nodes The Inflate Nodes function increases the size of some or all of the nodes on the current map, without changing the spacing between the nodes. 308 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps By default (if you do not select any specific nodes) the command will inflate all nodes on the current map. If you select one or more nodes, the command will inflate just the nodes you’ve selected. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select). To inflate the selected nodes, do one of the following: • Select Inflate Nodes from the Map menu • Enter [Alt]+I from the keyboard Deflating the Map Nodes The Deflate Nodes function decreases the size of some or all of the nodes on the current map, without changing the spacing between the nodes. By default (if you do not select any specific nodes) the command will deflate all nodes on the current map. If you select one or more nodes, the command will deflate just the nodes you’ve selected. You can select multiple nodes by using Shift-click (hold down the shift key and click the cursor on the node you want to select). To deflate the selected nodes, do one of the following: • Select Deflate Nodes from the Map menu • Enter [Alt]+D from the keyboard Zooming In The Zoom In function expands the entire map, both the size of the nodes as well as the spacing between them. To zoom in the current map, do one of the following: • Select Zoom Map In from the Map menu • Click the In icon on the icon bar • Enter [Alt] and the [Plus] from the numeric keypad on the keyboard Unlike the other map manipulation commands, the zoom level is not saved with the map. Zooming Out The Zoom Out function shrinks the entire map, both the size of the nodes as well as the spacing between them. To Zoom Out the current map, do one of the following: • Select Zoom Map Out from the Map menu • Click the Out icon on the icon bar • Enter [Alt] and the [Minus] from the numeric keypad on the keyboard Unlike the other map manipulation commands, the zoom level is not saved with the map. EPICenter Software Installation and User Guide 309 Network Topology Views Unzooming the Map The Unzoom Map function restores the map to the size it was prior to any Zoom In or Zoom Out actions. To “unzoom” the map, do one of the following: • Select Unzoom Map from the Map menu • Enter [Alt]+R from the keyboard Undoing Your Map Edits You can undo your last ten map layout and sizing actions one by one using the Undo Map Edit function. Each Undo Map Edit action undoes your previous editing action. To undo the most recent edit, do one of the following: • Select Undo Map Edit from the Map menu • Enter [Alt]+U from the keyboard This command does not undo delete, cut or paste of map elements. It stores only the last ten map layout and sizing actions. Printing a Map You can print the current map using the Print Map function. To print a map, display the map you want to print and then do one of the following: • Select Print Map from the Map menu • Click the Print icon on the icon bar • Enter [Alt]+P from the keyboard Printing a large map can be very memory-intensive, and can take a significant amount of time. NOTE Landscape mode and plotters are not supported. Finding a Map Node If your map has a large number of nodes, it may be difficult to quickly find a specific node you’re interested in seeing. The Find Map Node function lets you select a node from the list of all nodes in the current view, and will then find and “select” that node. To find a node, do one of the following: • Select Find Map Node... from the Map menu • Right-click on the map background to display the pop-up menu, then select Find Map Node... • Enter [Alt]-F from the keyboard You are presented with a list of all the nodes in the current view (see Figure 151). The list includes the name of the node, the IP address, the node type, and the map where it can be found. The total number of nodes in the list is displayed at the top of the window. 310 EPICenter Software Installation and User Guide Manipulating Topology Views and Maps Figure 151: Finding a node in the current view • To find a node, select the node and click the Find button. This will display the appropriate submap, if necessary, and highlight the node you have selected. The Find Map Node window will continue to be displayed until you dismiss it with the Close button. You can move around among different maps and views while the Find Map Node window is displayed. If you change views while the Find Map Node window is displayed, the list of devices will no longer be correct. To update the list to reflect the current view, click the Refresh button. Setting Map Properties There are a number of properties you can set for the current map, such as the background color or image, node background color and style, node and link text color, and whether RMON statistics should be enabled for the devices on this map. To display the Map Properties window, do one of the following: • Select Map Properties... from the Map menu • Right-click on the map background to display the pop-up menu, then select Map Properties... The Topology Map Properties window will appear, as shown in Figure 152. EPICenter Software Installation and User Guide 311 Network Topology Views Figure 152: Setting Map Properties for the current map In this window you can do the following: • To change the name of the map, modify the name in the Name field • To select a background image for the map, select the image you want from the drop-down list in the Background Image field • To change the height and width (in pixels) for the background image, enter the number of pixels in the Background Image Width or Background Image Height field • To select the coordinates (in pixels) where the upper left hand corner of the background image should be placed, enter the number of pixels in the Background Image X or Background Image Y field • To change the map background color, click the color bar icon labeled Map Background Color. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. • To change the node background color for non-transparent map nodes, click the color bar icon labeled Node Background Color. This displays a color selection window where you can select the color you want. You can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. NOTE Device nodes that display the node icon use a transparent background color. Thus, the node background color setting is ignored for these nodes. The background color affects only submap nodes, device hyper nodes, and device nodes that do not display a device icon. • To set the color used to label nodes, click the color bar icon labeled Node Text Color. This displays a color selection window where you can select a color by using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. • To set the color of the text used to label links, click the color bar icon labeled Link Text Color. This displays a color selection window where you can select a color using color swatches, or by specifying HSB or RGB values. The current color is displayed in the small box to the right of the color bar icon. The default is black. • To use a gradient node background color (the color is shaded from light to dark to light), click the checkbox labeled Node Gradient Background. To turn the gradient off, so that the node background 312 EPICenter Software Installation and User Guide Displaying VLAN Information will be a uniform solid color, click in the checkbox to remove the check mark. The default is to use a gradient background. • Set the Map Node Font Size to change the size of the font used for map node labels (names, annotations, IP addresses and so on). The default is a 12 point font. • Uncheck the Display device names checkbox to hide device names on the maps. Check the checkbox to show the device names. The default is to display device names. • Uncheck the Display node icons checkbox to use plain boxes to indicate map nodes instead of icons representing specific device types. Check the checkbox to display node icons. The default is to display device icons. • To select whether RMON statistics should be enabled for this map, click the checkbox labeled Rmon Statistics. When RMON statistics are on for a map, the percent utilization will be displayed for links. RMON statistics can be enabled separately for each map in the view. The default is to have RMON statistics disabled for the map. NOTE It is possible to disable RMON statistics for the Topology applet as a whole, so that the Rmon Statistics checkbox will not have any effect. This is done setting RMON properties on the Server Properties page of the Administration applet. Adding Map Background Images You can add images of your own to use as background images for topology maps by placing them in the BackgroundImages directory in the EPICenter server installation. Both.gif and .jpg image types are supported. Background images are kept in the directory <epicenter_install_dir>\extreme\gifs\topology.BackgroundImages where <epicenter_install_dir> is the root directory of your EPICenter server installation (by default epc4_1 in the Windows operating environment, or /opt/extreme/epc4_1 on a Solaris system). Displaying VLAN Information The Topology applet can provide information on the VLANs configured on the switches in a map. VLAN information is not displayed by default. You can view VLAN information in several ways within the Topology View applet: • By VLAN, which highlights all devices and links on the current map with ports in a selected VLAN. • By device, which displays a list of VLANs configured on the selected device node. VLAN information for links is always displayed in the Map Element Description Panel whenever a link is selected, regardless of the VLAN Display mode. To enable the VLAN information display for devices on a map, do one of the following: • Click the VLANs icon in the Topology applet Toolbar. EPICenter Software Installation and User Guide 313 Network Topology Views • Select Display from the menu bar, and then select VLAN information. This is a toggle menu item; select it once to display VLAN information, select it again to remove the VLAN information display. When you enable the VLAN information display, a drop down field appears in the applet Toolbar that lists all the VLANs configured for devices on the map. • To view VLAN information by VLAN on the current map, select the VLAN from the drop-down list. The links and devices that are involved in the VLAN are highlighted on the map, devices and links not in the VLAN are dimmed. Figure 153 shows the VLAN display for a single node on the map. Figure 153: Displaying VLAN information If a link is displayed as a broken line, this means that a VLAN with the selected name does not exist on one of the ports in that link. This typically indicates a misconfiguration. However, it is possible that a compatible VLAN with a different name exists on the other port, and no misconfiguration exists. For example, you could have an untagged VLAN vlan1 on one port, and untagged VLAN vlan2 on the other port. Thus when you select either vlan1 or vlan2 the link is displayed as a broken line, but traffic will flow successfully between the two VLANs. • To view the VLANs configured on a device, select the device node on the map. The Map Element Description panel on the left-hand side of the window displays information about the VLANs configured on a selected device node. For more detailed information about the VLANs on a device, you can right-click on the device and select Device VLANs from the pop-up menu that appears. See “Device VLANs” on page 320 for more information. NOTE If you have a large number of VLANs configured on the device, it could take a while to display the VLANs. Do not deselect the node while this is in progress. 314 EPICenter Software Installation and User Guide Using the Tools Menu • To view VLANs configured on a link, select the link. VLAN configuration information for the devices on both sides of the link is displayed in the Map Element Description panel. (Note that this information is always displayed for links, even if you do not have the VLAN Display option selected.) Using the Tools Menu Using the tools menu, you can add links to a VLAN, connect edge ports to a VLAN, and view a variety of information about the devices represented by the nodes on the map. By selecting a function from the Tools menu, or from the Device pop-up menu, you can invoke displays of information kept by EPICenter for the selected device. Mark Links Mode The Mark Links Mode is a toggle that allows you to click on links to select them. When the toggle is on, you can select links on different maps. EPICenter remembers all of the links from each map. Selected links flash on the screen. Mark links mode is required for using the Add Links to VLAN function. To set mark links mode, select Mark Links Mode from the Tools menu, or click the Mark icon on the icon bar To deselect a link, click on the link. Adding Links to a VLAN Use the Add Links to VLAN function to add marked links to a new or existing VLAN. To add a link to a VLAN, do the following: • Select Mark Links Mode from the Tools menu. • Select one or more links to be added to the VLAN. • Select Add Links to VLAN from the Tools menu. The Add Links to VLAN Dialog box opens, as shown in Figure 154. EPICenter Software Installation and User Guide 315 Network Topology Views Figure 154: Add Links to VLAN Dialog • To add the selected link to an existing VLAN, select the VLAN from the list. You can add the VLAN as tagged or untagged by toggling the Add selected links to VLAN as tagged checkbox. • To add the selected link to a new VLAN, click the Add links to a new VLAN radio button, as shown in Figure 155. Figure 155: Add links to new VLAN dialog • Enter the name of the new VLAN. • Select untagged or enter tag for the VLAN. • Select the VLAN protocol. 316 EPICenter Software Installation and User Guide Using the Tools Menu • To add the selected links, click OK. For more information on creating new VLANs, see Chapter 13. Connecting an Edge Port to a VLAN Using the Topology applet, you can add an edge port from a selected device to a particular VLAN. As you add the port, the map view is automatically updated to display your proposed changes. To connect an edge port to a VLAN, select the node and do one of the following: • Select Connect Edge Port to VLAN from the Tools menu. • Right-click on the Device map node, then select Connect Edge Port to VLAN from the pop-up menu that appears This starts the Connect Edge Port to VLAN Wizard, as shown in Figure 156. Figure 156: Connect Edge Port to VLAN Wizard To use the wizard, do the following: • Select the name of the VLAN from the VLAN List. • Select the port from the Available Ports in the Device list. • If you want to add the port as tagged, click the Add the selected port as tagged port checkbox. • Click Next. The second page of the Connect Port to VLAN Wizard appears, as shown in Figure 157. EPICenter Software Installation and User Guide 317 Network Topology Views Figure 157: Connect Port to VLAN Wizard (page 2) If the connection from the selected edge port to the desired VLAN is viable, the Wizard displays path information, including any additional ports that must be added to the VLAN to accommodate the connection. If the Wizard is unable to locate a path between the selected edge port and the desired VLAN, the Wizard gives you the option of creating the VLAN on the selected device. However, no path from the device to the VLAN is created. If you try to add an edge port from a device that is already a member of the desired VLAN, the Wizard reports that the VLAN is on the same device and that the port will be added without changing links. Uncheck Add calculated links if you want to add the selected edge port to the VLAN and you do not want the found path to be added. • Click Finish to complete the connection. • Click Cancel to cancel the operation. Device Alarms The Device Alarms function runs the EPICenter Alarm System applet and displays the Alarm Browser function to show the alarms for the selected device. To view the Device Alarms display for a selected node, select the node and do one of the following: • Select Device Alarms from the Tools menu • Right-click on the Device map node, then select Device Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the device associated with the selected Device map node. See Chapter 5, for details on using this feature. 318 EPICenter Software Installation and User Guide Using the Tools Menu Device Browse The Device Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected node, select the node and do one of the following: • Select Device Browse from the Tools menu • Right-click on the Device map node, then select Device Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new window. Refer to the ExtremeWare Software User Guide for more information on using ExtremeWare Vista. Device Statistics The Device Statistics function runs the EPICenter Real-Time Statistics applet, and displays port statistics for the selected device. To view the Device Statistics display for a selected node, select the node and do one of the following: • Select Device Statistics from the Tools menu • Right-click on the Device map node, then select Device Statistics from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window, and displays port statistics for the device associated with the selected Device map node. See Chapter 11 for details on using this feature. Device Telnet The Device Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device, select the appropriate device node and do one of the following: • Select Device Telnet from the Tools menu • Right-click on the Device map node, then select Device Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7 for details on using this feature. Device View The Device View function runs the EPICenter ExtremeView applet, and displays the device front-panel image and device information for the selected device. To view the Device View for a selected node, select the node and do one of the following: • Select Device View from the Tools menu • Right-click on the Device map node, then select Device View from the pop-up menu that appears EPICenter Software Installation and User Guide 319 Network Topology Views This starts the ExtremeView applet in a new window and displays the front-panel image and information for the device associated with the selected Device map node. See Chapter 10 for details on using this feature. Device VLANs The Device VLANs function runs the VLAN Manager applet, and displays the VLAN configurations for the selected device. To view VLAN configuration information for a selected device, select the appropriate device node and do one of the following: • Select Device VLANs from the Tools menu • Right-click on the Device map node, then select Device VLANs from the pop-up menu that appears This starts the VLAN Manager in a new browser window, showing information for the selected device. See Chapter 13 for details on using this feature. Device Properties The Device Properties function opens the Device Properties window and displays the properties of the selected device. To display properties for a selected device, select the appropriate device node and do one of the following: • Select Device Properties from the Tools menu • Right-click on the Device map node, then select Device Properties from the pop-up menu that appears This opens a properties window for the selected device. For information about the Device Properties window, see Chapter 4. 320 EPICenter Software Installation and User Guide 13 Using the VLAN Manager This chapter describes how to use the VLAN Manager for: • Viewing enterprise-wide, tagged and untagged VLAN information for Extreme (Summit and BlackDiamond) switches managed by the EPICenter software • Adding new tagged or untagged VLANs to Extreme devices, adding ports to those VLANs, and modifying IP addresses • Deleting VLANs • Modifying VLANs • Adding and deleting protocol filters Overview of Virtual LANs A Virtual LAN is a group of location- and topology-independent devices that communicate as if they were on the same physical local area network (LAN). Extreme Networks switches have a VLAN feature that enables you to construct broadcast domains without being restricted by physical connections. The VLAN Manager creates and manages VLAN for Extreme Networks devices only. It does not handle other third-party devices, even though third-party devices can be managed through the Inventory Manager. If you run the EPICenter client with Administrator or Manager access, you can: • Create and delete VLANs • Add or remove ports from existing VLANs • Modify a VLAN’s IP address • Enable/disable IP Forwarding • Create and modify the protocol filters used to filter VLAN traffic Extreme Networks switches can support a maximum of 3000 VLANs. VLANs on Extreme Networks switches can be created according to the following criteria: • Physical port • 802.1Q tag • Protocol sensitivity using Ethernet, LLC SAP, or LLC/SNAP Ethernet protocol filters EPICenter Software Installation and User Guide 321 Using the VLAN Manager • A combination of these criteria In the EPICenter system, a VLAN is defined uniquely by the following: • Name • 802.1Q tag (if defined) • Protocol filters applied to the VLAN As a result, multiple switches are shown as members of the same VLAN whenever all the above are the same. For a more detailed explanation of VLANs, see the ExtremeWare Software User Guide. Displaying a VLAN When you click the VLAN icon in the EPICenter Navigation Toolbar, the VLAN Manager window is displayed, as shown in Figure 158. Figure 158: VLAN Manager top-level view By VLAN, showing devices organized by VLAN The VLANs currently known to the EPICenter database are displayed in the Component Tree on the left. The panel on the right shows summary information about each VLAN. 322 EPICenter Software Installation and User Guide Displaying a VLAN NOTE You must add switches to the EPICenter database through Discovery or by using the Add function in the Inventory Manager. Until you add a switch to the database, you cannot use EPICenter create any VLANs on that switch. Information about VLAN configurations is obtained when a switch is added to the database. The VLAN Manager can display information either by VLAN (showing all the switches with ports that are members of a specific VLAN) or by switch (showing the VLANs that have members on a specific switch). • Select the By VLAN button to display VLANs at the first level of the Component Tree. Listed under each VLAN is every switch that has the VLAN defined on it (see Figure 158). When the top level of the tree (the VLANs node) is selected, the right hand panel displays a list of all VLANs configured on the Extreme Networks switches included to the EPICenter database. The All VLANs display includes: • Name—The VLAN name • Tag—The VLAN tag value (if any) or “Untagged” • Protocol—The protocol filter configured for the VLAN Select an individual VLAN to view a summary of the configuration of the switches and ports that are members of that VLAN. • Select the By Switch button to display switches at the first level of the Component Tree. Listed under each switch is every VLAN that is defined on the switch, as shown in Figure 159. When the top level of the tree (the Switches node) is selected, the right hand panel displays a list of the Extreme Networks switches known to the EPICenter database on which VLANs are configured. EPICenter Software Installation and User Guide 323 Using the VLAN Manager Figure 159: VLAN Manager view By Switch, showing VLANs organized by device The Devices view includes • Name—The switch name • Type—An icon representing the switch type. Select an individual switch to list the VLANs that are configured on that switch. Viewing VLANs on a Switch To view all VLANs configured on an individual switch, select the switch in the Component Tree of the By Switch view. Figure 160 shows an example of the All VLANs on Switch view. 324 EPICenter Software Installation and User Guide Displaying a VLAN Figure 160: VLAN topology shown by switch The following information is displayed for each VLAN on the selected switch: • Name—VLAN name • Tag—VLAN tag • Protocol—Protocol filter for the VLAN • VLAN IP Addr—VLAN IP address • VLAN IP Mask—VLAN IP Mask • Ports—Ports on this switch in the VLAN Viewing Switches in a VLAN To view all devices configured with a specific VLAN, select the VLAN in the Component Tree of the By VLAN view. Figure 161 shows an example of the Devices in VLAN view. EPICenter Software Installation and User Guide 325 Using the VLAN Manager Figure 161: VLANs present on the selected switch Put info here about what is shown for each switch in the selected VLAN: • Name—Device name • Type—An icon representing the device Type • VLAN IP Addr—IP address of the VLAN • VLAN IP Mask—IP Mask for the VLAN • Ports—Ports on this switch in the VLAN Viewing VLAN Member Ports You can display details about the component ports of a VLAN by selecting a VLAN and switch in the tree on the left. You can do this from either the By VLAN or By Switch view. Once you have selected a VLAN and switch (or switch and VLAN) the panel on the right displays detailed information about the ports in the selected VLAN and switch, as shown in Figure 162. 326 EPICenter Software Installation and User Guide Displaying a VLAN Figure 162: VLAN member ports on a selected switch The port details include the following information about each port: • Port—The port number • Type—The port type, shown as an icon. Different icons are used to represent the port types: 10/100Mbps ( 100Base-FX ( ) ) 100Base-T/TX ( 1000BASE-X ( ) ) Tagged ports are shown with a small orange tag ( ) Load-shared ports are indicated with a small green S ( ) • Speed—The port speed • Duplex—The Duplex setting (Full or Half) • State—The port state (Enabled or Disabled) • Status—The port status (Ready or Active) • Tagging—Whether the port is tagged or untagged EPICenter Software Installation and User Guide 327 Using the VLAN Manager Viewing Device Information from Pop-up Menus From a device entry in the Component Tree (in either the By Switch or By VLAN view) you can select a VLAN or a device and right-click to display a pop-up menu. The contents of the pop-up menu depend on the component you have selected: • In the By VLAN view, select a VLAN and right-click to access the Modify VLAN Membership command. • In the By VLAN view, select a device and right-click to display a menu containing the Modify VLAN Membership, Alarms, Browse, EView, Statistics, Sync, Telnet, and Properties commands. • In the By Switch view, select a device and right-click to display a menu containing the Alarms, Browse, EView, Statistics, Sync, Telnet, and Properties commands. • In the By Switch view, select a VLAN and right-click to access the Modify VLAN Membership command. The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device connections.The Properties command displays the attributes for a specific device group, device, slot, or port. The Alarms, Browse, EView, Statistics, Sync, and Telnet commands perform the same functions as the applets in the Navigation Toolbar to the left of the page, but with information displayed for the selected device. Modify VLAN Membership The Modify VLAN Membership command lets you modify the VLAN membership of the VLAN selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device connections. See “Modifying a VLAN from the Component Tree Menu” on page 337 for details on using this command. Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5 for details on using this feature. Browse The Device Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. 328 EPICenter Software Installation and User Guide Displaying a VLAN EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10 for details on using this feature. Statistics The Device Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Device from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device. See Chapter 11 for details on using this feature. Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. See Chapter 7 for details on using this feature. Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device: • Right-click on the device, then select Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7 for details on using this feature. EPICenter Software Installation and User Guide 329 Using the VLAN Manager Properties The Properties function lets you view the attributes for a selected device. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab. The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab. The VLAN tab lists the VLANs configured on the device. The STP Tab. The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab. The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab. The Syslog Messages tab lists information about the most recent 500 Syslog Messages received from the device. For more details about the Device Properties window, see“Device Properties” on page 117 in Chapter 4. Adding a VLAN Users with Administrator or Manager access can create VLANs on the Extreme Networks switches managed by the EPICenter software. If you have Monitor access only, you can not use this function. To add a new VLAN, do the following: 1 Click the Add button in the VLAN Manager Toolbar. The Add VLAN dialog box, Properties & Ports page is displayed, as shown in Figure 163. 330 EPICenter Software Installation and User Guide Adding a VLAN Figure 163: Add VLAN dialog, Properties and Ports page 2 Enter a descriptive name for the VLAN. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on VLAN naming. 3 Select an entry from the pull-down Protocol Filter list. This selection determines what protocol (if any) is used to determine membership in this VLAN. If you do not want to specify a protocol, select ANY. This means the filtering rules will match all unfiltered protocols. 4 If the VLAN is to be tagged, enter a 802.1Q tag value in the Tag field. The tag value can be a number between 2 and 4095. By entering a tag number, you enable tagging for this VLAN. Enter the text “untagged” or 0 (zero) to indicate that the VLAN is to be untagged. 5 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a list of ports on the switch that are available to be included in the VLAN. NOTE The Available Ports list does not include ports configured as slave load sharing ports. 6 Select one or more ports from the Available Ports list. 7 Click Tagged to add the port as a tagged port. Click Untagged to add the port as an untagged port. If this is an untagged VLAN, you are not able to add a tagged port. If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port. EPICenter will warn you and let you confirm that this is what you want. You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and click Tagged or Untagged to add the switch to the VLAN. 8 To remove a port from the VLAN, select the port from the Ports in VLAN list, and then click Remove. EPICenter Software Installation and User Guide 331 Using the VLAN Manager 9 After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN. • Select the device you want to check. • Click the Connect Device button. If EPICenter can find a path from the device and port to another member of the VLAN, it opens a Connection Information window that displays information about the path, as shown in Figure 164. Figure 164: Connection Information window If additional ports or devices and ports must be added to create a path, EPICenter lists the ports needed, and offers to add them to the VLAN. • Click Yes to add the ports. • Click No to close the Connection Information window without adding the ports. If EPICenter cannot find a path, it displays an error window. 10 When you have finished adding ports to the VLAN, click Apply to implement the changes. The VLAN is created on the switches whose ports are members of the new VLAN. Once you have added a VLAN, you can specify an IP address and mask for the VLAN on each switch, and also enable or disable IP Forwarding. 1 Select the IP Forwarding tab at the top of the Add VLAN window. The IP Forwarding page is displayed, as shown in Figure 165. 332 EPICenter Software Installation and User Guide Deleting a VLAN Figure 165: Add VLAN dialog, IP Forwarding page 2 Select a switch from the table of switches. 3 Enter an IP address and IP mask. Click the Enable IP Forwarding check box to enable IP forwarding for this VLAN on the switch. 4 Click Apply to implement the changes. 5 Click Close to exit the window. Deleting a VLAN Users with Administrator or Manager access can delete VLANs from Extreme Networks switches managed by the EPICenter software. If you have only Monitor access, you cannot use this function. To delete a VLAN, follow these steps: 1 Click the Delete button in the VLAN Manager Toolbar. The Delete VLAN dialog is displayed, as shown in Figure 166. EPICenter Software Installation and User Guide 333 Using the VLAN Manager Figure 166: The Delete VLAN page 2 Select the VLAN you want to delete. 3 Click Delete. The VLAN is deleted from all the switches on which it exists. 4 Click Close to exit the window. If any of the switches are offline or unreachable, the VLAN remains with only those switches as a member. Modifying a VLAN Users with Administrator or Manager access can modify the properties of a VLAN, and add and remove ports from the VLAN. If you have only Monitor access, you can not use this function. You can start the Modify VLAN process in two ways: • Click the Modify icon in the VLAN Manager toolbar. Using this method you can modify both the VLAN membership (devices and ports) and properties (tag and protocol filter) and modify the IP Forwarding behavior. You can also search for device connections between devices in the VLAN. If you select a VLAN before you click the Modify button, the Modify VLAN window will contain information on the VLAN you selected. If you do not select a VLAN beforehand, you can select one from within the Modify VLAN window. See “Modifying a VLAN from the Toolbar” on page 335 for details. 334 EPICenter Software Installation and User Guide Modifying a VLAN • Select a VLAN in the Component Tree, right-click to display the pop-up menu, and select Modify VLAN Membership. Using this method you can modify only the VLAN membership of the VLAN selected in the Component Tree. You cannot modify IP Forwarding behavior or search for device connections. See “Modifying a VLAN from the Component Tree Menu” on page 337 for details. Modifying a VLAN from the Toolbar To start the Modify VLAN process from the Toolbar, follow these steps: 1 Click the Modify button in the VLAN Manager Toolbar. The Modify VLAN dialog, Properties & Ports page is displayed, as shown in Figure 167. Figure 167: The Modify VLAN dialog, Properties and Ports page 2 Select a VLAN from the drop-down list in the VLAN Name field. The current values for the VLAN are displayed. NOTE The Ports in VLAN list does not display SummitLink ports, because you cannot modify them. 3 To change the Protocol Filter selection, select a different entry from the pull-down Protocol Filter list. 4 To change the VLAN tag, type a new value into the Tag field. To disable tagging for the VLAN, type “untagged” or 0 (zero) into the Tag field. 5 To remove a port from the VLAN, select the port in the Ports in VLAN list, and click Remove. 6 To add a port to the VLAN, first select the switch from the Available Switches list. This displays a list of ports on the switch that are available to be included in the VLAN. NOTE The Available Ports list does not include ports configured as slave load sharing ports. EPICenter Software Installation and User Guide 335 Using the VLAN Manager 7 Select one or more ports from the Available Ports list. 8 Click Tagged to add the ports as a tagged ports. Click Untagged to add the ports as an untagged ports. If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be greyed out in this case. If you add a port untagged, EPICenter must remove it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port. EPICenter will warn you and let you confirm that this is what you want. You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and click Tagged or Untagged to add the switch to the VLAN. 9 After you add a device and port to the VLAN, you can use the Connect Device button to determine whether that port can connect to the other members of the VLAN. • Select the device you want to check. • Click the Connect Device button. If EPICenter can find a path from the device and port to another member of the VLAN, it opens a Connection Information window that displays information about the path, as shown in Figure 164. If additional ports or devices and ports must be added to create a path, EPICenter lists the ports needed, and offers to add them to the VLAN. • Click Yes to add the ports. • Click No to close the Connection Information window without adding the ports. If EPICenter cannot find a path, it displays an error window. 10 When you have finished adding and removing ports, click Apply to implement the changes. If all ports of a switch are removed from the VLAN, the VLAN is deleted from that switch. If a port on a new switch is added to the VLAN, then the VLAN is created on that switch. 11 To modify the IP address and mask for a VLAN on a switch, and to enable or disable IP Forwarding, select the IP Forwarding tab at the top of the Add VLAN window. The IP Forwarding page is displayed, as shown in Figure 165. 336 EPICenter Software Installation and User Guide Modifying a VLAN Figure 168: The Modify VLAN dialog, IP Forwarding page 12 Select a switch from the table of switches. 13 Change the IP address and IP mask as appropriate. Click the Enable IP forwarding check box to enable or disable IP forwarding for this VLAN on the switch. 14 Click Apply to implement the changes. 15 Click Close to exit the window. Modifying a VLAN from the Component Tree Menu To start the Modify VLAN process for a VLAN in the Component Tree, follow these steps: 1 Select a VLAN in the Component Tree. 2 Right-click to display the pop-up menu, and select Modify VLAN Membership. The Modify Membership of VLAN dialog opens, as shown in Figure 169. EPICenter Software Installation and User Guide 337 Using the VLAN Manager Figure 169: Modify Membership of VLAN window 3 To add a port to the VLAN, first select the switch in the Component Tree on the left. The Resource Table displays a list of ports on the selected switch that are available to be included in the VLAN. NOTE The list of port resources does not include ports configured as slave load sharing ports. 4 Select one or more ports from the port resources list. 5 Click Add Tagged to add the port as a tagged port. Click Add Untagged to add the port as an untagged port. If this is an untagged VLAN, you cannot add a tagged port. The tagged button will be greyed out in this case. NOTE If you add a port untagged, EPICenter automatically removes it from any other VLAN that includes the port as an untagged member and that uses the same protocol as the VLAN to which you are adding the port. You can add a switch to a VLAN as a unit—just select the switch without selecting any ports, and click Add Tagged or Add Untagged to add the switch to the VLAN. 6 To remove ports from the VLAN, select one or more ports in the Current VLAN Port Members list, and click Remove. 7 To remove all ports from the VLAN, click Remove All. 8 When you are finished making changes, click OK. To cancel all changes, click Cancel. Adding and Deleting Protocol Filters Users with Administrator or Manager access can view, add, and delete protocol filter definitions. If you have Monitor access, you can view filter definitions, but not add or delete them. 338 EPICenter Software Installation and User Guide Adding and Deleting Protocol Filters To view, delete, or add protocol filter definitions, do the following: 1 Click Protocol Filters in the VLAN Manager. The View/Delete page of the Protocol Panel dialog box is displayed, as shown in Figure 170. Figure 170: Protocol Panel dialog box, View/Delete page . This page shows all the protocol filters configured within the EPICenter database. Any filters that are in use by a VLAN are indicated with an asterisk (*) in the In Use column. 2 To delete a protocol filter, select a filter in the list, and click Delete. This deletes the protocol filter from all Extreme Networks switches managed by the EPICenter software, as well as from the EPICenter database. NOTE If a filter is in use by a VLAN, you cannot delete it. 3 Click Close to exit the window. To add a protocol filter, follow these steps: 1 Click the Add tab at the top of the Protocol Panel dialog box to display the Add Protocol page, as shown in Figure 171. Figure 171: Protocol Panel dialog box, Add Protocol page . EPICenter Software Installation and User Guide 339 Using the VLAN Manager 2 Enter a descriptive name for the Protocol. The name must begin with a letter followed by up to 31 characters. See the ExtremeWare Software User Guide for details on naming. 3 Select a protocol type from the pull-down list in the type column. 4 Type a corresponding four-digit hexadecimal filter value in the value field. 5 Repeat steps 3 and 4 to enter up to six type-value pairs. 6 When you have finished entering the definition, click Add to add the new protocol filter to the EPICenter database. NOTE The protocol filter is now available to be used on any switch, but is not created on any switches at this time. The protocol filter is created on a switch only when you create or modify a VLAN to use the new protocol filter on that switch. The database acts as a collective store for network data without needing to replicate it on every switch. 7 Click Close to exit the window. 340 EPICenter Software Installation and User Guide 14 The Spanning Tree Monitor This chapter describes how to use the EPICenter Spanning Tree Monitor module for: • Viewing the configuration and status of STP domains • Viewing the status and configuration of VLANs associated with an STP domain • Viewing the status and configuration of devices and ports associated with an STP domain NOTE In order for the EPICenter server to acquire information about a device’s STPD configuration, that device must be running ExtremeWare 6.2.2 or later. Prior to version 6.2.2, the ExtremeWare SNMP agent did not provide Spanning Tree information. Overview of the Spanning Tree Monitor The EPICenter Spanning Tree Monitor module displays information about STP domains at the domain, VLAN, device, and port levels. STP is a bridge-based mechanism for providing fault tolerance on networks. In the Extreme Networks implementation of STP, a switch can be partitioned into multiple virtual bridges. Each virtual bridge can run an independent Spanning Tree instance, called a Spanning Tree Domain (STPD). Each STP domain has its own root bridge and active path. After an STPD is created, one or more VLANs can be assigned to it, depending on the mode of the ports. The default switch configuration includes a single STP domain called s0. The default VLAN is a member of STPD s0. STP ports can run in one of three modes: • 802.1D mode. which conforms to the IEEE 802.1D standard. • Extreme Multiple Instance Spanning Tree Protocol (EMISTP) mode, an Extreme implementation of STP that allows a port to belong to multiple STP domains. This is the default on Extreme switches. • Enhanced Per-VLAN Spanning Tree Protocol (PVST+) mode, an STP implementation widely deployed on many vendors’ switches, that is interoperable with 802.1Q spanning tree. A physical port can belong to multiple STPDs through membership in multiple VLANs, if the port is in EMISTP mode. In addition, a single VLAN can span multiple STPDs. EPICenter Software Installation and User Guide 341 The Spanning Tree Monitor STP configuration must be done through the EPICenter Telnet applet or through the ExtremeWare command line interface. The STP monitor displays summary and detailed STP configuration information about the devices being managed by the EPICenter server. It allows you to view STP configuration information network-wide rather than only device by device as is the case through the ExtremeWare CLI. The EPICenter server receives STP topology information through traps from the SNMP agent in the switch, and through polling. Not all STP-related changes generate traps—for example, updating the root port and path cost for the previous root when the root changes. The EPICenter server relies on device polling to detect these types of changes. However, device polling by default is only done every 90 minutes, so if you want STP status updated more frequently, you may want to group your STP devices into their own device group and change the polling interval to a more appropriate interval. For more details on STP, see the ExtremeWare Software User Guide. Displaying STP Domain Information Click the STP button in the EPICenter Navigation Toolbar to run the Spanning Tree Monitor module. The STP Domains window appears, as shown in Figure 172. Figure 172: STP Domains view This view, displayed when the root node of the Component Tree is selected, shows information about the STP domains configured on the devices managed by the EPICenter server that are running ExtremeWare 6.2.2 or later. 342 EPICenter Software Installation and User Guide Displaying STP Domain Information Under the root node the Component Tree displays all the STP domains identified by the EPICenter server. The VLANs included in the domain are listed as subcomponents of the domain. The VLANs in turn show the devices with ports that are members of the VLAN within the domain. NOTE Devices running earlier versions of ExtremeWare may also have Spanning Tree domains configured and enabled, but the EPICenter server is unable to obtain information about these domains because SNMP agent support for STP was added in version 6.2.2. The information presented for each STP domain includes: • Name: The name of the STP domain. • Tag: The 802.1Q tag of one of the wholly-contained VLANs in the domain. • Root: The device name, IP address, or MAC address of the device configured as the designated root of this STP domain. If STP is disabled for this domain, this field is blank. • Root Max Age: The maximum allowable age for STP information learned by the root for this domain. If this age is reached, the current information is discarded and the Spanning Tree is recalculated. Value is in seconds. • Root Hello Time: The interval between transmission of Configuration BPDUs by the root for this domain. Value is in seconds. • Root Forward Delay: The forward delay time being used by the root for this domain. The forward delay is the time that a bridge remains in the learning and listening states, not forwarding data. Value is in seconds. • VLANs: The number of VLANs participating in this domain. • Devices: The number of devices participating in this domain. • Ports: The total number of ports participating in this domain, if the domain is enabled. NOTE If an untagged STP domain spans multiple switches and is configured with different tags on different switches, it may appear as separate STP domains in EPICenter’s STP Monitor. EPICenter Software Installation and User Guide 343 The Spanning Tree Monitor Displaying STP VLAN Configurations Select a specific STP domain in the Component Tree to view summary information about the VLANs in the selected domain. When you select an STP domain, the STP VLAN view appears, as shown in Figure 173. Figure 173: STP VLANs view This view shows information about the VLANs in the selected domain. The information presented for each VLAN in the domain includes: • Name: The name of the VLAN. • Devices: The number of devices participating in this VLAN for this domain. • Ports: The number of ports participating in this VLAN in this domain, if the domain is enabled. This will be zero if the STP domain is disabled on the bridge. The panel at the bottom of this view shows summary information about the STP domain in which these VLANs are included. Displaying STP Device Configurations Select a specific STP VLAN in the Component Tree to view summary information about the devices in the selected VLAN that participate in the STP domain. When you select a VLAN, the STP Devices view appears, as shown in Figure 174. 344 EPICenter Software Installation and User Guide Displaying STP Domain Information Figure 174: STP Devices view This view shows information about the devices participating in the selected VLAN within this domain. The information presented for each device includes: • Name: The name of the device. • State: The state of STP on this domain (enabled or disabled). If disabled, most of the remaining fields are zero. • Configured Tag: The 802.1Q tag of one of the VLANs in the domain, as configured by the user. • Root: Indicates whether this device is currently the STP root bridge for this domain (Yes or No). • Root Port: The port with the best path to the root bridge. It this device is the root bridge, this will be zero. • Root Path Cost: The cost of the path from this bridge to the root bridge. If this device is the root bridge, the cost will be zero. • Designated Bridge: Indicates whether this device is a designated bridge (transmits configuration BPDUs to other bridges on any of its ports). • Priority: The bridge priority of this bridge for this STP domain. • Max Age: The maximum allowable age for STP information as determined by the root for this domain. If this age is reached, the current information is discarded and the Spanning Tree is recalculated. Value is in seconds. • Hello Time: The interval between transmission of Configuration BPDUs by the root for this domain. Value is in seconds. • Forward Delay: The actual forward delay time as determined by the root for this STP domain. Value is in seconds. EPICenter Software Installation and User Guide 345 The Spanning Tree Monitor • Hold Time: The time during which no more than two configuration BPDUs can be transmitted by this node. Value is in seconds. • Ports: The number of ports on this bridge participating in this VLAN in this domain, if the domain is enabled. This will be zero if the STP domain is disabled on the bridge. The panel at the bottom of this view shows summary information about the STP domain and VLAN with which these devices are associated. Displaying STP Port Information Select a device in the Component Tree to view information about the ports on the device that are members of the selected VLAN and STP domain. When you select a device, the STP Ports view appears, as shown in Figure 175. Figure 175: STP Ports view This view shows information about ports on the selected device that are participating in an enabled STP domain. The information presented for each port includes: • Port: The device and port number. • STP State: Whether STP is enabled or disabled on this port. • State: The state of the port: Disabled, Blocking, Listening, Learning, or Forwarding • Mode: The port mode (802.1D, PVST or EMISTP). • Priority: The port priority of this port in this STP domain. • Port Cost: This port’s contribution to the cost of the path from this port to the root bridge for this STP domain. 346 EPICenter Software Installation and User Guide Viewing STP Domain Properties from Pop-Up Menus • Designated Cost: The total cost of the path from this port (the Designated Port) to the root bridge for this STP domain. • Link: The switch and port at the other side of the link. The panel at the bottom of this view shows summary information about the STP domain, VLAN and device with which these ports are associated. NOTE If the domain is disabled, the port table will be empty. Viewing STP Domain Properties from Pop-Up Menus You can right-click on a STP Domain entry or a VLAN entry in the Component Tree to display the Properties command. • To view properties for an STP Domain, right-click on an STP Domain name, then click Properties. • To view properties for a VLAN, right-click on a VLAN name, then click Properties. • To view properties for a device, right-click to display a menu containing Alarms, Browse, EView, Statistics, Sync, Telnet, VLANs, and Properties commands. STP Properties The STP Properties window displays the following information: • Name: The name of the STP domain. • Tag: The 802.1Q tag of one of the wholly-contained VLANs in the domain. • Root: The device name, IP address, or MAC address of the device configured as the designated root of this STP domain. If STP is disabled for this domain, this field is blank. • Root Max Age: The maximum allowable age for STP information learned by the root for this domain. If this age is reached, the current information is discarded and the Spanning Tree is recalculated. Value is in seconds. • Root Hello Time: The interval between transmission of Configuration BPDUs by the root for this domain. Value is in seconds. • Root Forward Delay: The forward delay time being used by the root for this domain. The forward delay is the time that a bridge remains in the learning and listening states, not forwarding data. Value is in seconds. • Number of VLANs: The number of VLANs participating in this domain. • Number of Devices: The number of devices participating in this domain. • Number of Ports: The total number of ports participating in this domain, if the domain is enabled. Click OK to close the window. EPICenter Software Installation and User Guide 347 The Spanning Tree Monitor VLAN Properties The VLAN Properties window displays the following information: • Name: The VLAN name • Tag: The VLAN tag value (if any) or “Untagged” • Protocol: The protocol filter configured for the VLAN Click OK to close the window. The Device Pop-Up Menu When you right-click on a device in the Component Tree, the pop-up menu contains Alarms, Browse, EView, Statistics, Sync, Telnet, VLANs, and Properties commands. Alarms The Alarms function runs the EPICenter Alarm System and displays the Alarm Browser function to show the alarms for the selected device. To view the Alarms display for a selected device: • Right-click on the device, then select Alarms from the pop-up menu that appears This starts the Alarm System applet in a new window. The Alarm System displays the Alarm Log Browser and displays the alarms for the selected device. See Chapter 5 for details on using this feature. Browse The Device Browse function runs the ExtremeWare Vista switch management interface for the selected device. To run ExtremeWare Vista for a selected device: • Right-click on the device, then select Browse from the pop-up menu that appears This starts the ExtremeWare Vista login page in a new window. Refer to the ExtremeWare Software User Guide for details on using ExtremeWare Vista. EView The EView function runs the EPICenter ExtremeView applet and displays the device front-panel image and device information for the selected device. To view the EView for a selected device: • Right-click on the device, then select EView from the pop-up menu that appears This starts the ExtremeView applet in a new window and displays the front-panel image and information for the selected device. See Chapter 10 for details on using this feature. 348 EPICenter Software Installation and User Guide Viewing STP Domain Properties from Pop-Up Menus Statistics The Device Statistics function runs the EPICenter Real-Time Statistics applet and displays port statistics for the selected device. To view the Device Statistics display for a selected device: • Right-click on the device, then select Device from the pop-up menu that appears This starts the Real-Time Statistics applet in a new window and displays port statistics for the selected device. See Chapter 11 for details on using this feature. Sync Sync is a manual update of the regular data gathering mechanisms. Use Sync when you think that the device configuration or status is not correctly reported in EPICenter applets. Sync causes EPICenter to poll the switch and update all configuration and status information. To launch the synchronization procedure for a selected device: • Right-click on the device, then select Sync from the pop-up menu that appears. This starts the Sync procedure for the selected device. See Chapter 4 for details on using this feature. Telnet The Telnet function opens an EPICenter telnet window that is connected to the selected device. To open a telnet session for a selected device: • Right-click on the device, then select Telnet from the pop-up menu that appears This starts a telnet session for the device in a new window. See Chapter 7 for details on using this feature. VLANs The VLANs function runs the EPICenter VLANs applet and displays the VLANs currently known to the EPICenter database. To view the VLANs for a selected device: • Right-click on the device, then select VLANs from the pop-up menu that appears This starts the VLAN applet in a new window and displays the VLANs currently know to the EPICenter database. See Chapter 13 for details on using this feature. EPICenter Software Installation and User Guide 349 The Spanning Tree Monitor Properties The Properties function lets you view the attributes for a selected device. The Device Properties window has five tabs at the top of the window: • Device • VLAN • STP • Network Login/802.1x • Syslog Messages Each tab displays the name of the device and a status “light” which shows the status of the device as detected by EPICenter. The Device Tab. The Device tab displays information about the device such as its IP address, MAC address, and boot time. The main section of the window presents the same information you can view in the Inventory Manager for the device. If the device is an Extreme device, the ExtremeWare software running in the switch provides comprehensive status information. The VLAN Tab. The VLAN tab lists the VLANs configured on the device. The STP Tab. The STP tab lists the Spanning Tree domains (STPDs) configured on the device. There may be more than one entry per STPD if the domain includes multiple VLANs. The Network Login/802.1x Tab The Network Login/802.1x tab lists the Network Login/802.1x information about each user connected to the device. The Syslog Messages Tab The Syslog Messages tab lists information about the most recent Syslog Message received from the device. For more details about the Device Properties window, see“Device Properties” on page 117 in Chapter 4. 350 EPICenter Software Installation and User Guide 15 The ESRP Manager This chapter describes how to use the EPICenter ESRP Manager applet for: • Viewing the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs Overview of the ESRP Manager The Extreme Standby Router Protocol (ESRP) is a feature of ExtremeWare that allows multiple switches to provide redundant layer 3 routing services, as well as layer 2 redundancy, to users. The ESRP Manager displays the status of ESRP-enabled VLANs and the ESRP-enabled switches in those VLANs. You can view a summary status for all the ESRP-enabled VLANs being monitored by EPICenter. You can also view detailed information for an individual ESRP-enabled VLAN and the switches in those VLANs. NOTE This chapter does not discuss ESRP functionality in any detail. For more information about ESRP, see the ExtremeWare Software User Guide, versions 6.0 or later. To start the ESRP Manager applet, click the ESRP button in the EPICenter Navigation Toolbar. The ESRP Manager applet appears, initially displaying a summary status of the ESRP-enabled VLANs known to EPICenter, as shown in Figure 176. EPICenter Software Installation and User Guide 351 The ESRP Manager Figure 176: ESRP Manager showing summary ESRP-enabled VLAN status This display shows a summary of the ESRP configuration for each ESRP-enabled VLAN. The information displayed is as follows: • VLAN Name—The name of the ESRP-enabled VLAN. • Master Switch—The name, if known, or MAC address of the switch currently designated as the Master switch. If this switch is being managed by EPICenter (is included in EPICenter’s Inventory database) the name will appear. If the switch is not known to EPICenter, the MAC address will appear. • IP Address—The IP address of the ESRP-enabled VLAN. If the master switch is not known to EPICenter, this will be “N/A.” • Group—The ESRP group to which this ESRP-enabled VLAN belongs in a broadcast domain that contains multiple instances of ESRP (multiple ESRP groups). The names of the ESRP-enabled VLANs participating in the same group must be identical. • Election Algorithm—The ESRP election algorithm in use for this VLAN. The election algorithm determines the order of precedence of the election factors used to determine the ESRP Master. The election factors are: — Ports: the number of active ports (the switch with the highest number takes priority) — Track: whether the switch is using ESRP tracking (a switch using tracking has priority) — Priority: a user-defined priority number between 0 and 254 (a higher number has higher priority) — MAC: the switch MAC address (a higher-number address has priority) 352 EPICenter Software Installation and User Guide Viewing ESRP Detail Information The election algorithm can be one of the following: — ports_track_priority_mac (the default): This algorithm considers active ports first, then tracking, then priority, then the MAC address to determine the ESRP Master. This is the only algorithm supported for ExtremeWare releases prior to version 6.0 — track_ports_priority_mac — priority_ports_track_mac — priority_track_ports_mac — priority_mac_only: only considers priority and the MAC address See the ExtremeWare Software User Guide, version 6.1 or later, for details. NOTE The ESRP election algorithm must be identical on all switches in an ESRP group. If it is not, serious problems may arise. • Hello Timer—This is the interval, in seconds, for exchanging keep-alive packets between the ESRP switches for this ESRP-enabled VLAN. Also known as the ESRP timer. The default is 2 seconds. Viewing ESRP Detail Information You can display detailed ESRP information for the switches in an individual ESRP-enabled VLAN by clicking on the VLAN name in the Component Tree in the left-hand panel of the window. This displays a status window similar to the one shown in Figure 177. Figure 177: ESRP detail for an individual ESRP-enabled VLAN EPICenter Software Installation and User Guide 353 The ESRP Manager ESRP trap events will also be recorded in the EPICenter Event Log, which you can view using the EPICenter Event Log Report (see Chapter 17). ESRP state change traps will be recorded in the EPICenter Alarm Log (see Chapter 5). NOTE ESRP Traps are not implemented in ExtremeWare versions 4.x or 5.x. Thus, for switches running those versions of ExtremeWare, state changes and other ESRP updates will only be reflected after the next device polling interval. Note that an ESRP-enabled VLAN can be monitored by EPICenter as long as at least one of its ESRP-enabled switches is managed by EPICenter (i.e. is included in EPICenter’s device database). If there are other ESRP-enabled switches in that VLAN, their ESRP status will also be displayed in the ESRP Manager, even if they are not being managed by EPICenter. The Detailed ESRP Information view displays the following information: • Switch Name—The name of the switch, if known. (If the switch is not being managed by EPICenter, this field will contain “N/A.”) • MAC—The MAC address of this switch. • State—The current state of the switch—Master or Slave. • Priority—A user-defined value, between 0 and 254, which can be used by the ESRP election algorithm in determining which switch is the Master switch. The default is 0. • To Master—The number of times this switch has transitioned to become a Master. • To Slave—The number of times this switch has transitioned to become a Slave. NOTE The number of Master and Slave transitions cannot be obtained from versions of ExtremeWare prior to version 6.1.6. For switches running earlier versions of ExtremeWare, the display defaults to “N/A.” NOTE If some of the ESRP-enabled switches in an ESRP-enabled VLAN are not managed by EPICenter, the ToMaster and ToSlave values for those switches will not be updated until the next device polling interval. • Active Ports—The number of active ports in this ESRP-enable VLAN. • Tracked Ports—The number of tracked ports that are currently active. • Tracked Routes—The number of tracked IP routes that are currently active. • Tracked Pings—The number of tracked ping responders that are responding successfully. NOTE The number of Tracked Pings cannot be obtained from versions of ExtremeWare prior to version 6.1.6. For switches running earlier versions of ExtremeWare, the display defaults to zero. 354 EPICenter Software Installation and User Guide 16 Administering EPICenter This chapter describes how to use the Administration applet for the following: • Changing your own user password, for users without Administration access • Adding and deleting EPICenter users • Setting and modifying user permissions for both the EPICenter and ExtremeWare software • Configuring the EPICenter server as a RADIUS client or a RADIUS server for user authentication • Enabling or disabling EPICenter Syslog receiver functionality • Modifying EPICenter server properties to change settings such as polling rates, time-outs, port assignments and other similar settings • Configuring EPICenter for a distributed server configuration Overview of User Administration In order to log in to the EPICenter server and use its management features, you must have a user name and password. An EPICenter administrator can create and modify EPICenter user accounts, passwords, and account permissions through the Administration applet. Individual users, regardless of their access permissions, can change their own password using the Administration applet. The EPICenter server and its Remote Authentication Dial In User Service (RADIUS) server can be used for user authentication, both for EPICenter server access and Extreme Networks switch access. The Administration applet provides an interface for configuring the RADIUS server. Finally, the Administration applet provides an interface that allows an EPICenter administrator to modify a number of properties that affect the performance and configuration of the EPICenter server. These properties are stored in the EPICenter database along with other EPICenter data. Controlling EPICenter Access The EPICenter server provides three levels of access to EPICenter functions: • Monitor — users who can view status information and statistics. • Manager — users who can modify device parameters as well as view status information and statistics. EPICenter Software Installation and User Guide 355 Administering EPICenter • Administrator — users who can create, modify and delete user accounts as well as perform all the functions of a user with Manager access. The EPICenter server provides two default users: • “admin” with Administrator access • “user” with Monitor access The two default users do not initially have passwords. All other user names must be added and enabled by an Administrator user. Regardless of your access level, you can run the Administration applet and change your own password. Users with Administrator access can add and delete users and assign user access levels. NOTE The EPICenter user accounts are separate from the Extreme switch user accounts. You can configure both through the EPICenter software, or you can have switch access independently of the EPICenter software. ExtremeWare Software Access Through the EPICenter software, two levels of access to Extreme switches can be enabled: • User — Users who can view device status information and statistics, but cannot modify any parameters. • Administrator — Users who can modify device parameters as well as view status information and statistics. These permissions enable access to Extreme Networks switches through Telnet or ExtremeWare Vista. The use of the RADIUS server avoids the need to maintain user names, passwords, and access permissions in each switch, and instead centralizes the configuration in one location in the EPICenter server. The EPICenter RADIUS Server The EPICenter software incorporates a basic RADIUS server for user authentication. RADIUS provides a standard way for the EPICenter software and Extreme Networks switches to handle user authentication, permitting the unification of the Extreme Networks CLI, ExtremeWare Vista, and EPICenter user authentication. The EPICenter server can be configured to act either as a RADIUS server or a RADIUS client. RADIUS authentication is disabled by default. ExtremeWare versions 4.1 and later support the RADIUS server for authentication and can act as RADIUS clients. Setting EPICenter Server Properties The server properties interface allows an EPICenter administrator to modify a number of parameters that affect server performance and function. These include communication parameters such as polling intervals, time-outs, port usage, number of retries, setting Scalability mode, and a number of other parameters. 356 EPICenter Software Installation and User Guide Starting the EPICenter Client for the First Time Starting the EPICenter Client for the First Time The two default users, admin and user, do not initially have passwords. It is strongly recommended that you log in the first time with the user name admin, and immediately change the admin password. You can then add other users with Manager, Monitor, or Administrator access. To run the EPICenter client interface for the first time: 1 Launch the EPICenter client. The EPICenter Login page appears. 2 Select or enter the host name or IP address and port of the EPICenter server. 3 Type the user name admin in the User field. 4 Leave the Password field empty. 5 Click Login. The Network Summary Report page appears. 6 Click Admin in the Navigation Toolbar to access the Administration functions of the EPICenter server. The User Administration page appears, as shown in Figure 178. The only users are “admin” and “user.” Figure 178: User Administration window EPICenter Software Installation and User Guide 357 Administering EPICenter Changing the Admin Password To change the Admin password: 1 Click the tab at the top of the page to display the User Administration page, if necessary. 2 Select the user admin in the User list. 3 Click Modify. The Edit User window appears, as shown in Figure 179. Figure 179: Edit User window 4 Type a new password in the Password field. 5 Type the password again in the Verify Password field. 6 Click OK. The new admin password is stored in the EPICenter database. You cannot change the EPICenter access level for this user. You can, however, change the ExtremeWare account access. The default for the EPICenter user “Admin” is Administrator. See the information under “Adding or Modifying User Accounts” for details on the ExtremeWare account access levels. Adding or Modifying User Accounts To add users to the EPICenter database, or to modify EPICenter user account access, follow these steps: 1 Login to the ExtremeWare EPICenter as a user with Administrator access. 2 Click Admin in the Navigation Toolbar. 3 Click the User Administration tab at the top of the page to display the User Administration page, if necessary. 358 EPICenter Software Installation and User Guide Adding or Modifying User Accounts 4 To add a user, click Add. To change a user’s access or password, select the user name and click Modify. The New User window (or Edit User window) appears (Figure 180). Figure 180: New User and Edit User windows 5 For a new user, type a user name into the Name field. 6 Type a new password into the Password field. 7 Type the password again into the Verify Password field. 8 Select the appropriate EPICenter Account Access level: • Administrator access allows the user to add, edit and delete user accounts, as well as view status information and statistics and modify device parameters. • Manager access allows the user to view status information and statistics and modify device parameters. • Monitor access allows the user to view status information and statistics. • Disabled provides no access privileges (the user will not be able to log in to the EPICenter), but keeps the user account information in the EPICenter database. 9 Select the appropriate ExtremeWare Account Access level: • Administrator access allows the user to modify device parameters as well as view status information and statistics. • User access allows the user to view device status information and statistics, but cannot modify any parameters. • No Access provides no access privileges, but keeps the user account information in the EPICenter database. 10 Click OK. The new user information is stored in the EPICenter database. EPICenter Software Installation and User Guide 359 Administering EPICenter NOTE A change to a user account does not take effect until the next time the user logs in. Deleting Users To delete a user, follow these steps: 1 Log in to the ExtremeWare EPICenter as a user with Administrator access. 2 At the About ExtremeWare EPICenter window, click Admin in the Navigation Toolbar. The User Administration page appears. 3 Click the User Administration tab at the top of the page to display the User Administration page, if necessary. 4 Select the user name you want to delete and click Delete. NOTE You cannot delete the user name admin. A confirmation window appears. 5 Click Yes. This removes all information about this user account from the EPICenter database. NOTE To remove all access privileges for a user without removing the user account from the EPICenter database, use the Modify User function and change the Account Access to Disabled. Changing Your Own User Password If you are a user with Manager or Monitor access, you can change your own password at any time after you have logged in to the ExtremeWare EPICenter. To do so, follow these steps: 1 Click Admin in the Navigation Toolbar. The Change Password window appears, as shown in Figure 181. 360 EPICenter Software Installation and User Guide RADIUS Administration Figure 181: Change Password window The window shows your user name, and your EPICenter and RADIUS Account Access levels, but you cannot change them. 2 Type your new password in the Password field. 3 Type the password again in the Verify Password field. 4 Click Apply. Your new password is stored in the EPICenter database. NOTE The change does not take effect until the next time you log in. RADIUS Administration If you have Administrator access, you can enable EPICenter as a RADIUS server or RADIUS client, and change its port or the RADIUS secret. By default RADIUS authentication is disabled. Enabling the RADIUS server means that Extreme switches can act as RADIUS clients, authenticating users against the RADIUS server’s database of users, as administered through the EPICenter. Thus, even if a user accesses the switch directly through Telnet or a browser, the RADIUS server will provide the authentication service. Disabling the RADIUS server means that it will not be available for authenticating users. In this case, each Extreme switch must maintain its own list of users and access permissions, and users will need to remember a (possibly different) login and password for every switch. EPICenter Software Installation and User Guide 361 Administering EPICenter If you have enabled the EPICenter RADIUS server, authentication activity is logged to the file radius_log.txt, found in the EPICenter root install directory. • To change the EPICenter server RADIUS configuration, click the RADIUS tab at the top of the page. The RADIUS Administration page appears, as shown in Figure 182. RADIUS Server Configuration To configure EPICenter as a RADIUS server, follow these steps: Figure 182: Radius Administration page 1 Click the Enable EPICenter as a RADIUS Server button in the RADIUS Configuration panel at the top of the page. This enables the fields in the Server Configuration panel. 2 Enter the RADIUS server’s shared secret in the RADIUS Secret field. This string is basically a shared key by which the RADIUS server and its clients recognize each other, and which they use for secure transmission of user passwords. NOTE If you change the secret in the RADIUS server, you must also change it in any of the RADIUS clients (Extreme switches) that use the RADIUS server for user authentication. 362 EPICenter Software Installation and User Guide Server Properties Administration 3 The default port used for the RADIUS server is 1645. To change the server port, enter the port number in the RADIUS Port field. NOTE If you change the RADIUS server port, you must make sure that the ports used in any RADIUS clients (Extreme switches that use this RADIUS server for user authentication) match the port you enter for the server. 4 To disable RADIUS response messages, uncheck the Enable RADIUS Response Messages checkbox. This prevents the RADIUS server from sending a response message when authentication fails. Check the box to enable these messages. This is enabled by default. 5 Click Apply to have the configuration changes take effect. RADIUS Client Configuration To enable EPICenter as a RADIUS client, do the following: 1 Click the Enable EPICenter as a RADIUS Client button at the top of the page. This enables the fields in the Client Configuration panel. 2 Fill in the fields (server name or IP address, port, and shared secret) for the primary and secondary RADIUS servers as appropriate. It is recommended, but not required, that both a primary and a secondary RADIUS server be available for authentication. 3 Click Apply to have the configuration changes take effect. Disabling RADIUS for EPICenter To disable the use of RADIUS authentication, do the following: 1 Click the Disable RADIUS button at the top of the page. 2 Click Apply to have the configuration changes take effect. Server Properties Administration If you have Administrator access, you can modify the values of a number of properties that affect the function and performance of the EPICenter server. 1 Click the Server Properties tab at the top of the page. The Server Properties Configuration page appears, as shown in Figure 183. EPICenter Software Installation and User Guide 363 Administering EPICenter Figure 183: Server Properties Configuration page, initial properties list 2 Select a set of properties from the drop-down menu field at the top of the central panel. You can select among five sets of properties: — Devices — Scalability — SNMP — Topology — External Connections — Other The Server Properties Configuration page displays the properties in that set. 3 Type a new value into the field for the property you want to change, or click a check-box to turn on or off an option. The specific properties and their meanings are discussed in the following sections. 4 Click the Apply button to cause your changes to take effect. You can undo your changes in one of two ways: — Click the Reset button to restore the values that the displayed properties held when you first entered this page. — Click the Reset to Defaults button to restore the values to the EPICenter server default values (the values in effect immediately after installation). 364 EPICenter Software Installation and User Guide Server Properties Administration 5 For some changes, you will need to restart the EPICenter server for the changes to take effect. A pop-up dialog will inform you that this is necessary. Click OK to dismiss the dialog box, and then shut down and restart the EPICenter server. See Chapter 3 for information on how to shut down and restart the EPICenter server. Devices Properties When you select Devices from the drop-down menu field at the top of the properties panel, you can set the following properties: • Telnet Login Timeout Period (sec): The length of time, in seconds, after which a CLI/Telnet login request to a switch should time out. The default is 10 seconds, the range is 1 to 30 seconds. • Device HTTP Port: The port that the EPICenter server will use to communicate with an Extreme switch’s web server to run ExtremeWare Vista. Default is port 80. • Device Telnet Port: The port that the EPICenter server will use to telnet to a switch. Default is port 23. • Upload/Download Timeout Period (sec): The length of time, in seconds, after which a configuration upload or download operation should time out. If some devices have a large number of VLANs, the timeout may need to be increased to allow an upload or download operation to complete successfully without timing out. • Syslog Server settings: — Enable Syslog Server (Port: 514) (checkbox): A check specifies that the EPICenter server can function as a Syslog receiver to receive Syslog messages. Port 514 is the port used for remote syslog communication from a switch. Uncheck the checkbox to disable syslog server functionality. The default is enabled. NOTE For Solaris, you must stop the Solaris Syslog server before you can enable EPICenter’s syslog server. To stop the server in Solaris, enter the command /etc/init.d/syslog stop. In EPICenter, you can restart the Syslog server by disabling and then re-enabling it. On the device side, remote logging must be enabled, and the switch must be configured to log to the EPICenter server. The default on Extreme switches is for logging to be disabled. You must use the EPICenter Telnet applet or the ExtremeWare CLI to configure your switches. To enable remote logging, enter the command: enable syslog To configure the EPICenter server as a Syslog server, enter the command: config syslog <EPICenter IP address> <facility> You must enter the IP address of the EPICenter server, and a facility level, which can be local0 through local7. See the ExtremeWare Software User Guide or the ExtremeWare Software Command Reference Guide for more information on these commands. You can also include a severity in the config syslog command, which will filter log messages before they are sent to the EPICenter Syslog server. The EPICenter Syslog server will in turn filter the incoming messages based on the severity you set using the Accept SysLog messages with Min Severity setting described previously. To configure remote logging on multiple devices, you can run these commands as a macro in the EPICenter Telnet module. EPICenter Software Installation and User Guide 365 Administering EPICenter — Accept SysLog messages with Min Severity: The minimum severity level of messages to be logged in a switch Syslog file. All messages with Severity equal to or higher than the setting you select will be logged. For example, if you select 2:Critical, then messages of severity 2 (Critical), 1 (Alert), and 0 (Emergency) will be logged. The default is 6: Information. • Save Changed Configurations Only (checkbox): A check specifies that device configurations should be uploaded by the Configuration Manager Archive feature only when the device configuration has changed (the default). Uncheck the checkbox to specify that switch configurations should always be uploaded at the scheduled archive time. • Automatically Save Configuration on Device (checkbox): A check indicates that EPICenter automatically saves the configuration to a switch whenever configuration changes are made. This is the default setting. If this checkbox is not checked, you must use the Save command to save changes to a switch configuration. • Poll Devices Using Telnet (checkbox): A check enables regular CLI/Telnet polling of ExtremeWare 4.1 devices (the default). Uncheck the checkbox to disable CLI/Telnet polling. This disables ESRP polling as well as EDP polling. • Save Switch Password for Vista Login (checkbox): A check specifies that the ExtremeView module should save the switch password in the EPICenter database for use when logging into a switch using ExtremeWare Vista. If you disable (uncheck) this property, you will be required to login to each switch in order to view Configuration and Statistics information in the ExtremeView applet. The default is enabled (passwords will be saved). • Use EPICenter Login/Password for Telnet/SSH: A check indicates that the EPICenter login name and password should be used for establishing user-initiated Telnet or SSH2 sessions with the switch. Background functions, including trap handling, polling, and scheduled operations continue to use the Telnet/SSH login and password configured for the switch using the Inventory Manager. Scalability Properties Select Scalability from the drop-down menu field at the top of the properties panel to set the EPICenter server into Scalable mode (or reset it into regular mode) and to modify the number of concurrent operations the EPICenter server can run. Manipulating the thread pool size, default thread allocation size, number of SNMP sessions, and the number of traps and syslog messages EPICenter processes per minute lets you configure the EPICenter server to provide better performance based on the amount of server resources (number and speed of processors, amount of memory) available. Changing these values should not normally be necessary unless you are managing a very large number of devices (more than 1000 devices). If you are managing more than 1000 devices, it is recommended that you run the EPICenter server on a system with a 1 GHz or faster processor, and at least 1 GB of physical memory. For such a configuration, you may also be able to improve the performance of the EPICenter server by changing the parameters below. NOTE Changing the scalability properties on a system without suitable hardware could actually decrease the performance of the EPICenter server. To see the effects of the current scalability settings, run the Server State Summary Report in the Reports applet. 366 EPICenter Software Installation and User Guide Server Properties Administration • Thread Pool Size: This specifies the maximum number of threads available. Increasing this number may improve overall performance. For managing more than 1000 devices, it is recommended that you increase this to 50. The default is 20. • Thread Default Alloc Size: This specifies the default number of threads allocated for a process request. Increasing this size may allow processes to complete more quickly. For managing more than 1000 devices, it is recommended that you increase this to 25. The default is 10. • Traps per Device in 1/2 Minute: This specifies the maximum number of traps that can be received from an individual device in 28 seconds. If more than this number of traps are received within a 28 second interval, the excess traps are dropped. • Total Traps Accepted per Minute: This specifies the maximum total number of traps that EPICenter can receive from all managed devices in 55 seconds. If more than this number of traps are received within a 55 second interval, the excess traps are dropped. When managing more than 1000 devices, increase this to 500. The default is 275, the maximum you can set is 500. • Syslog Messages per Device in 1/2 Minute: This specifies the maximum number of syslog messages that can be received from an individual device in 28 seconds. If more than this number of traps are received within a 28 second interval, the excess messages are ignored. • Total Syslog Messages Accepted per Minute: This specifies the maximum number of syslog messages that EPICenter can receive in one minute from all managed devices. If more than this number of messages are received within a one-minute interval, the excess messages are ignored. When managing more than 1000 devices, you should increase this to 500. The default is 275, the maximum you can set is 500. • Maximum Number of SNMP Sessions: This specifies the maximum number of concurrent SNMP sessions the server will run. Increasing this number may improve throughput from device polling. For managing more than 1000 devices, it is recommended that you increase this to 25. The default is 10. • Maximum number of CLI connections: This specifies the maximum number of simultaneous CLI connections that EPICenter can manage. The default is 30. NOTE You should not change the values for traps and syslog messages accepted unless the EPICenter server reports dropping lots of traps. Run the Server State Summary Report in the Reports applet to view the current performance metrics. SNMP Properties When you select SNMP from the drop-down menu field at the top of the properties panel, you can set the following properties: • Poll Interval: The interval, in minutes, between SNMP polls of a switch to fetch basic device status information. The default is five minutes. The range is one minute to one hour. You can disable all SNMP polling by setting this property to zero. NOTE This Poll Interval is not the same as the Device Polling Interval you can set through the Inventory Manager. The Device Polling Interval controls the frequency of polling for detailed device information such as software version, bootrom version, and so on. The polling interval set in the Administration applet controls only the basic SNMP status information necessary to ensure SNMP reachability, and is typically performed relatively frequently. EPICenter Software Installation and User Guide 367 Administering EPICenter • Timeout Period: The length of time, in seconds, to wait for an SNMP poll request to complete, in milliseconds, before timing out. The default is two seconds. The range is one to 10 seconds. This setting determines the time-out interval only for the first unsuccessful SNMP request; once a request times out, subsequent requests will time out more slowly, based on an exponential time-out back-off algorithm, until it reaches the maximum number of retries. • Number of Retries: The number of SNMP requests that should be attempted before giving up, for a request that has timed out. The default is one. • EPICenter Trap Receiver Port: The port on which EPICenter expects to receive traps. Default is port 10550. • Enable Edge Port Polling (checkbox): A check in this box indicates that edge port polling is enabled. Edge port polling is a background process the polls all ports identified as edge ports for a variety of information including FDB information, IP and MAC addresses, port status and port names. Edge ports are identified automatically and are distinguished from uplink ports based on the number of MAC addresses detected on the port (a port with five or fewer MAC addresses is considered an edge port). The default is enabled. • Poll Edge Ports Fast (checkbox): A check in this box speeds up the request for edge port device information. Using this option may cause a performance impact. To help mitigate this effect, you can limit the size of the downloaded FDB table using the Edge Port Maximum Table Size Setting. The default is not enabled. • Edge Port Poll Interval (hours): The minimum interval (in hours) between polls of an individual edge port. The longer the interval, the less performance overhead the EPICenter server will endure due to edge port polling, but the longer port information will go without being refreshed. The default is 12 hours. If you set an interval that is shorter than the time it takes to poll all the edge ports, then the actual interval may be longer than the interval you specify here. • Edge Port Maximum Table Size Setting: Specifies the maximum size of the FDB table downloaded by EPICenter. The default value is 1000 entries. The range is between 0 and 100000 entries, where 0 indicates that there is no maximum size. If the number of entries of the edge port FDB table exceeds the specified maximum, no further entries from the device are downloaded. Topology Properties Select Topology from the drop-down menu field at the top of the properties panel to set properties that affect the collection and display of RMON statistics in the Topology applet. • Enable Topology RMON Statistics Data Collection (checkbox): A check in this box enables the collection of RMON statistics in the Topology applet. The default is enabled, which means that RMON statistics will be collected for all devices that have RMON enabled in the device. To disable the collection of RMON Statistics, uncheck the checkbox. If this option is disabled, then no RMON statistics will be displayed on any maps, regardless of the setting of the Display RMON Statistics • Display RMON Statistics in new Maps by Default (checkbox): The display of RMON statistics on a map can be enabled or disabled for individual maps through a checkbox option in the Topology Map Properties window for each map. This server property specifies the default state of the RMON statistics display checkbox (labeled RMON Statistics) in the Topology Map Properties window. A check in this box specifies that by default the RMON Statistics option in the Map Properties window will be enabled. Thus, by default, RMON statistics will be displayed for all maps unless they are specifically disabled for an individual map. To disable the RMON statistics display for an individual map, you can uncheck the RMON Statistics option in the Map Properties window for that map. This option is disabled by default, meaning that the corresponding option in the Map Properties will be disabled by default. 368 EPICenter Software Installation and User Guide Server Properties Administration NOTE If Topology RMON statistics data collection is disabled, then this display option will have no effect. External Connection Properties When you select External Connection Properties from the drop-down menu field at the top of the properties panel, you can set the following properties: • Load Information from http://www.extremenetworks.com (checkbox): A check in this box specifies that EPICenter can automatically connect to the Extreme Networks website using an external (web) connection. The external connection is used by EPICenter to query the Extreme Networks website for the latest version and patch level of the EPICenter software, and compare the information to the version currently running. If a newer version is available, it is noted on the basic status page, displayed when you first launch EPICenter. • HTTP Proxy Device: The IP address or hostname of an HTTP proxy device used to connect to the Extreme Networks website if your network uses a firewall. When an HTTP proxy is configured, all HTTP connections are made through the proxy server rather than directly to Extreme Networks. • HTTP Proxy Port: The port number for the HTTP Proxy, used to connect to the Extreme Networks website if your network uses a firewall. Other Properties When you select Other from the drop-down menu field at the top of the properties panel, you can set the following properties: • DNS Lookup Timeout Period: The time-out period, in seconds, when performing DNS lookup operations for hosts found through DLCS or when importing (in the Grouping applet) from an NT Domain Controller. The default is one second. • Session Timeout Period: The non-activity time-out period, in minutes, after which the user is required to re-login to the EPICenter server. The default is 30 minutes. You can disable the time-out by setting the property to -1. • ServiceWatch URL: The URL for accessing ServiceWatch, to allow it to be launched from the EPICenter navigation toolbar, and to run in the main EPICenter applet window. For example, if ServiceWatch is running on a system named “tampico” at port 2000, you would enter http://tampico:2000 as the ServiceWatch URL. You must then restart the EPICenter server to activate the ServiceWatch integration. • IP QoS Rule Precedence: The starting value that the EPICenter server will use for setting precedence in the Policy Manager applet. This is an integer between 1 and 25,000. The default value is 10,000. Setting this value lets you ensure that policies created by EPICenter will have higher precedence than policies created through the ExtremeWare CLI. It is also useful in distinguishing between policies created through the CLI and those created through the EPICenter Policy Manager applet. • Client Port: The TCP port number that a client will use to connect to the EPICenter server. The default is 0, meaning that the server will use any available port. You can use this setting to specify a fixed port number that the EPICenter server will use. For example, if the EPICenter server is behind a firewall, you may need to provide a fixed port number to allow clients to connect thought the firewall. EPICenter Software Installation and User Guide 369 Administering EPICenter • Update Type Library on Server: This function updates the EPICenter type library, which is a repository of information about devices (primarily from Extreme Networks) that are supported by EPICenter. • Device Tree UI: A setting that specifies how devices are identified in the Component Tree and in selected other locations. You can choose to have the component tree show the device name only, the device name followed by the IP address in parentheses, of the device IP address followed by the device name in parentheses. The default is device name followed by the device IP address. • DHCP Temporary Lease: A setting that informs the server how long to wait before querying a switch for a netlogin or a permanent IP address from an 802.1x client. • Telnet Screen Width: The number of columns available on the screen for the Telnet application. The default number of columns is 80. The range is between 40 and 180 columns. • Device SSH Port: The TCP port number that EPICenter uses to connect with the switch. The default is port 22. • SSH2 Command Line: The path to the SSH2 client application. EPICenter supports the Open SSH client for UNIX and the plink.exe SSH client for Windows. • Enable SCP2 (checkbox): When selected, devices can use SCP2 for secure file transfers with the EPICenter server. Because SCP2 file transfers can be time consuming, you can disable this feature without disabling the use of SSH2 for secure Telnet sessions. • SCP2 Command Line: The path to the SCP2 client application. EPICenter supports the Open SSH SFTP client on UNIX and the pscp.exe SCP client on Windows. NOTE To configure SSH2 on a device, the device must be running a version of the ExtremeWare software that supports SSH2. For more information on configuring a device to use SSH2, see the ExtremeWare Software Users Guide. Distributed Server Administration If you have Administrator access, a Distributed Server license, and you have multiple EPICenter servers installed on your network, you can configure these servers to operate in a distributed server mode. Distributed Server mode allows multiple EPICenter servers, each managing their own sets of devices, to be designated as a server group, and to communicate status between the servers in the group. One server acts as a Server Group Manager, and the other servers act as server group members. Each server in the server group is updated at regular intervals with a list of other servers, and with network summary and status information from the other servers in the group. In distributed server mode, the EPICenter home page contains a status information from the other servers in the group in addition to the standard Network Summary report. NOTE The Distributed Server functionality is a separately-licensed feature of the EPICenter software. If you do not have a Distributed Server license, only Single Server mode is enabled. You will not be able to select either of the Server Group settings. 370 EPICenter Software Installation and User Guide Distributed Server Administration 1 Click the Distributed Server tab at the top of the page. The Distributed Server Administration page appears, as shown in Figure 184. Figure 184: Distributed Server Administration page Initially, the EPICenter server is configured as a single server. In single server mode, the server does not communicate with any other EPICenter servers. If you have a Distributed Server license, you can change its configuration to act as a server group member or as the server group master. Configuring a Server Group Member To configure your EPICenter server as a server group member: 1 Click the Server Member button in the Server Group Type panel at the top of the page. This enables the fields in the Server Group Member panel. 2 Enter the host name or IP address of the server that acts as the group manager in the Server Group Manager field. 3 Enter the port number to be used to communicate with the Server Group Manager. This port should match the HTTP port configured for the EPICenter server acting as the server group manager. The default is port 80. 4 Enter the shared secret in the Secret field. This string is a shared key by which the cooperating EPICenter servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret. EPICenter Software Installation and User Guide 371 Administering EPICenter NOTE If you change the secret for one EPICenter server, you must also change it for all of the other servers in the group. 5 Click Apply to have the configuration changes take effect. Configuring a Server Group Manager To function as the EPICenter Server Group Manager, the server must have a host name that is configured through DNS. To enable this EPICenter server as a server Group Manager, do the following: 1 Click the Server Manager button in the Server Group Type panel at the top of the page. This enables the fields in the Server Group Manager panel. 2 Enter the shared secret in the Secret field. This string is a shared key by which the cooperating EPICenter servers recognize each other, and which they use for secure transmission of server data. The default shared secret is the string secret. NOTE If you change the secret in one EPICenter server, you must also change it in all of the other servers in the group. 3 Enter the polling interval in minutes. This determines the frequency with which the Server Manager communicates information to the other server members of the EPICenter server group. The default is 10 minutes. 4 Add the other members of the server group to the server list: a Click Add to open the Add Server dialog box. b Enter the host name or IP address of the member server in the server field. A server member does not need to have a DNS-translatable host name. c Enter the port used to communicate with the server member. This must match the HTTP port configured for the member server d Click OK to add this server to the list, or Cancel to cancel the operation. Servers added to this list must be configured as server group members with this server as the Server Group Manager. 5 To delete a member server from the list, select the server and click Delete. 6 Click Apply to have the configuration changes take effect. 372 EPICenter Software Installation and User Guide 17 Dynamic Reports This chapter describes how to use the EPICenter Reports capability for: • Viewing predefined Network Summary Reports from the Home EPICenter page • Viewing predefined EPICenter status reports from the Dynamic Reports • Creating new reports by writing Tcl scripts Overview of EPICenter Reports The EPICenter software provides several sets of HTML-based reports that provide information about the devices managed by the EPICenter server. There are two types of these reports: • A Network Summary Report, available on the main EPICenter “Home” page, displayed when you first log in through the EPICenter client. • EPICenter Dynamic Reports, available separately from the main EPICenter client, or as an applet accessed from the client. The Network Summary Report provides summary statistics about the status of the devices being managed by the EPICenter server. This report can also be accessed from the Dynamic Reports Main page. EPICenter Dynamic Reports are a separate feature from the main EPICenter user interface. If you use a browser-based client, the reports can be accessed directly from the initial EPICenter Start-up page without logging in to the Java client interface. The Reports module can also be accessed from the EPICenter Navigation toolbar. The EPICenter dynamic reports are HTML pages that do not require Java capability, and thus can be accessed from browsers that do not have the ability to run the full EPICenter user interface. This means reports can be loaded quickly, even over a dial-up connection, and it also provides the ability to print the reports. EPICenter’s HTML reports are always displayed in a browser window, even if you are running the stand-alone client. See “Browser Requirements for Reports” on page 49 in Chapter 2 for supported browsers. EPICenter Software Installation and User Guide 373 Dynamic Reports Network Status Summary Report The Network Status Summary Report provides an at-a-glance summary of the status of the devices the EPICenter server is monitoring. The main report page, as shown in Figure 185, appears when you first log into the EPICenter client, and when you click the Home button at the top of the Navigation Toolbar. The Network Status Summary Report displays information about the overall health of the network. It also displays information on the current version of EPICenter running on the EPICenter service and compares the current version to the latest available version. Figure 185: Network Status Summary Report page 374 EPICenter Software Installation and User Guide Dynamic Reports Dynamic Reports A number of predefined reports present information from the EPICenter software database. The predefined reports include: • Network Status Summary Report (described in the previous section) • Server State Summary Report • Device Inventory Report • Slot Inventory Report • Device Status Report • VLAN Summary Report • Voice VLAN Summary Report • Interface Report • Unused Ports Report • Resources to Attribute Map • User to Host Mapping • Network Login Report • Alarm Log Report (not available if the alarm system is disabled) • Event Log Report • System Log Report • Configuration Management Log Report (not available if the configuration manager is disabled) The following reports are Java-based: • Interface Report • Alarm Log Report • Event Log Report • System Log Report • Configuration Management Log Report The Java-based reports can be sorted, filtered, and paginated, but they cannot be customized. The Tcl-based reports can be customized, and can serve as models for new reports. You can create your own reports by writing Tcl scripts that generate HTML code. See “Creating New Reports” on page 389 for details. The rest of the reports are generated by Tcl scripts. T EPICenter Software Installation and User Guide 375 Dynamic Reports You can access the EPICenter software Dynamic Reporting capability in one of two ways: • By clicking the Reports button in the EPICenter software Navigation Toolbar • By launching your Web browser and logging in directly from the EPICenter Start-up page To log in directly from the EPICenter software Start-up page, follow these steps: 1 Launch your Web browser. 2 Enter the following URL: http://<host>:<port>/ In the URL, replace <host> with the name of the system where the EPICenter server is running. Replace <port> with the TCP port number that you assigned to the EPICenter Web Server during installation. NOTE If you used the default web server port, 80, you do not need to include the port number. The EPICenter Start-up page appears. 3 Click View Reports in the left-hand panel of the Start-up page. The EPICenter Login page appears. 4 Enter your user name and password, and click Login. Use the same user name and password as you use to log in to the EPICenter system. The Dynamic Reports module is displayed. The main page includes a brief description of the predefined reports that are available. Viewing Predefined EPICenter Reports To view a predefined report, click the Reports button in the Navigation Toolbar. To go to the main EPICenter user interface from the Network Summary Report page, click the “About EPICenter” link at the bottom of the list. This displays the About EPICenter page. To exit from EPICenter, click the Logoff button in the Navigation Toolbar. This returns you to the EPICenter Start-up page. Report Filtering Five of the reports provide a filtering capability that lets you select the information that should appear in the report. This filtering capability lets you construct a two-part conditional statement based on the values of relevant variables in the EPICenter database. The following reports provide filtering: • Interface Report • Alarm Log • Event Log • Sys Log 376 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports • Config Mgmt Log These reports provide a set of fields at the top of the report similar to the ones shown in Figure 186. Figure 186: Report filter specification To create a filter, follow these steps: 1 In the first field, select the variable to use in the filter. The variables from which you can choose are based on the column headings in the report, and depend on the type of report you are viewing. 2 In the second field, select a comparison operator. You can choose from the following comparison operators: — > (greater than) — < (less than) — <= (greater than or equal) — >= (less than or equal) — != (not equal) — = (equal) — starts with — ends with — contains If the variable values are strings, then the comparisons are taken to indicate alphabetic order, where greater than indicates later in later in the alphabet (for example, the letter B is greater than A). 3 In the third field, select the value you want to compare the variable against. If the variable takes a string as its value, enter a string. If the variable is numeric, enter an integer. NOTE You can use the browser Copy and Paste functions to copy a specific value from the current report into the comparison field. 4 In the fourth field, you can indicate whether the second condition should be used. To use a second condition to your filter, choose one of the logical operators And or Or. Specify And to include a row in the report only if both conditions are true. Select Or to include the row if either one (or both) of the conditions are true. If you do not want to include a second condition, select NIL to indicate that the second clause should be ignored. 5 Click Filter to generate the report based on the filter you have specified. Click Remove Filter to remove the filter definition and generate an unfiltered report. EPICenter Software Installation and User Guide 377 Dynamic Reports Server State Summary Report The Server State Summary Report displays statistics about configured servers, SNMP activity, thread and SNMP session pools, database activity, the ports used by the EPICenter server, and EPICenter licenses. The report provides the following information. The first table in the report shows the status of the servers known to EPICenter and whether they are enabled or disabled, and running or stopped: • TFTP Server • Syslog Server • Radius Server The second table in the report provides the number of operations that have occurred in the last minute, the last hour, and the last day (24 hours) for the following operations: • SNMP Queries—Number of SNMP queries performed by the EPICenter server • Database Commits—Number of database commits performed by the EPICenter server • Client Requests—Number of data requests to the EPICenter server performed by all connected clients • Trap Requests—Number of trap PDUs received by the EPICenter server • Syslog Messages—Number of syslog message received by the EPICenter server The third table in the report shows scalability statistics for the thread pool and the SNMP session pool: Thread Pool Statistics • Pool Size—Thread pool size for the threads that are used to perform server operations (for example, reading data from a device or configuring the devices) • Default Allocation Size—Number of threads used to perform a single operation (for example, running a Telent macro across a number of devices) • Currently In Use—Number of threads currently in use • Maximum In Use at Once—Maximum number of threads that are in use at one time • Total # of Requests—Total number of times a thread is requested to perform an operation in the server • Total # of Wait For Thread—Total number of times the server has to wait for a thread to become available • Percentage Wait per Request—Percentage of total wait versus total request for threads SNMP Session Pool Statistics • Pool Size—Maximum number of allowed SNMP access sessions to the devices • Default Allocation Size—Not applicable • Currently In Use—Number of SNMP access sessions currently in use • Maximum In Use at Once—Not applicable • Total # of Requests—Total number of times an SNMP object is requested to perform an operation in the server 378 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports • Total # of Wait For Thread—Total number of times the server has to wait for an SNMP object to become available • Percentage Wait per Request—Percentage of total wait versus total number of requests for SNMP objects The fourth table in the report shows the ports currently in use by the EPICenter server. • Web Server—Port currently used by the EPICenter web server. • Trap Receiver—Port currently used by the EPICenter server to receive traps • Radius Server—Port currently used by the RADIUS server • Telnet—Port currently used for Telnet • Database—Port currently used for EPICenter database communication • Web Server Admin—Port currently used EPICenter web server administration The Web Server, Trap Receiver, Radius and Telnet ports can be changed through the Administration applet, if you have administrator-level access to EPICenter. See Chapter 16 for more information. If you are running under Windows 2000 or Windows XP, you can use the Port Configuration Utility, accessible from the Programs menu, to change the database port. See Appendix B for details on the utility. The fifth table in the report shows the status of licenses (licensed or not licensed) that are supported by the EPICenter server: • EPICenter Server—License for the EPICenter server • Unlimited Nodes—License to have unlimited nodes • Distributed Server—License for the Distributed Server • Policy—License for the EPICenter Policy Manager • Voice Over IP—License for Voice Over IP (If you have a license for Voice Over IP, you will see this row in the table.) Device Inventory Report To view a Device Inventory Report, click the Device Inventory link in the left-hand panel. The Device Inventory Report displays basic status and identification information for the device groups and devices known to EPICenter. The initial display presents summaries at the Device Group and the device type level. A drill-down report, called the Device Details report, contains the same information you can view in the Inventory applet. Device Group Summary The Devices by Group table displays the following information: • Device Group—Name of the device group • Description—Description of the group as kept in the EPICenter device inventory • Quantity—Number of devices in the group EPICenter Software Installation and User Guide 379 Dynamic Reports Select a Device Group or All Devices to display the Device Summary report for the devices in the group. The Device Summary report displays the following information about each device: • Group—All EPICenter Device groups to which it belongs (this is displayed only if you select All Devices) • Name—Name of the device from the sysName variable • IP Address—IP address of the device Click the IP address to display a table with detailed configuration and status information. This is the same information you can view in the Inventory applet. • Type—Type of device • Location—Device location from the sysDescr variable • MAC—MAC address of the device • Serial Number—Device serial number • Current Image—Software version currently running on the device, if known Click the heading of a column to sort on the contents of that column. Device Type Summary The Devices by Type table displays the following information: • Device Type—Type of device • Quantity—Number of devices of this type known to EPICenter Select a device type or All Devices to display the Device Summary report. The Device Summary report displays the following information about each device: • Device Group—All the EPICenter Device Groups to which it belongs • Name—Name of the device from the SNMP sysName variable • IP Address—IP address of the device Click the IP address to display a table with detailed configuration and status information. This is the same information you can view in the Inventory applet. • Type—Type of device (this is displayed only if you select All Devices) • Location—Device location from the sysDescr variable • MAC—MAC address of the device • Serial Number—Device serial number • Current Image—Software version currently running on the device, if known Click the heading of a column to sort on the contents of that column. 380 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports Slot Inventory Report To view a Slot Inventory Report, click the Slot Inventory link in the left-hand panel. The Slot Inventory Report displays basic status and identification information for the slots and module cards known to EPICenter. The initial display presents a summary of module card types and empty slots. This includes the following information: • Card Types—Type of module cards and empty slots known to EPICenter • Quantity—Number of modules of a certain type, all module cards, and the number of empty slots known to EPICenter Card Summary Report Select a Card Type or All Cards to display the Card Summary report for the modules known to EPICenter. The Card Summary report displays the following information about each module: • Device Group—Name of all the device groups • Device Name—Name of the device from the sysName variable • Device Address—IP address of the device • Device Location—Device location from the sysDescr variable • Card Type—Type of module card (this is displayed only if you select All Cards) • Slot Name—Number or letter of the slot where the module card is installed • Card Serial Number—Module card serial number Click the heading of a column to sort on the contents of that column. Empty Slots Report Select Empty Slots to display the Empty Slots summary report for the empty slots known to EPICenter. The Empty Slots summary report displays the following information about the empty slots: • Device Group—Name of the device group • Device Name—Name of the device from the sysName variable • Device Address—IP address of the device • Device Location—Device location from the sysDescr variable • Empty Slots—Number or letter of the empty slot(s) on the device Click the heading of a column to sort on the contents of that column. EPICenter Software Installation and User Guide 381 Dynamic Reports Device Status Report To view a Device Status Report, click the Device Status link in the left-hand panel. This displays the device status and failure log for all devices known to EPICenter. The initial display presents a summary at the Device Group level. This includes the following information: • Group—Name of the device group • Description—Description of the group as kept in the EPICenter device inventory • Alarms Generated—Total alarms for all devices in the device group • Devices Up—Number of devices in the group that are up • Devices Not Responding—Number of devices in the group that are not responding • Devices Marginal—Number of devices in the group whose operation is marginal. • Devices Offline—Number of devices in the group that are offline. Select a Device Group to display the Device Status Report for the devices in the group. The Device Status report displays the following information: • Device Group—Name of the device group • Device Name—Name of the device from the sysName variable • IP—IP address of the device • Status—The status of the device. Choices include operational, offline, marginal, and not responding • Last Failure (Local Time Zone)—Time at which the most recent device failure occurred (based on the local time zone of the EPICenter server) • Down Period (d:h:m:s)—Length of time the device was unreachable, reported in days:hours:minutes:seconds • Boot Time (Local Time Zone)—Time when the device was last booted (based on the local time zone of the EPICenter server) • Alarms in last 24 hours—Number of alarms in the last 24 hours from this device If the number of alarms is greater than zero, you can click on the number to display a summary of the alarms that have occurred for this device. Click the heading of a column to sort on the contents of that column. VLAN Summary Report To view a VLAN Summary Report, click the VLAN Summary link in the left-hand panel. This displays a report of the VLANs known to EPICenter. The information reported includes: • VLAN Name—Name of the VLAN • Tag—802.1Q tag, if any • Protocol—Protocol used to filter packets for this VLAN • Device List—IP addresses of devices with QoS profiles configured for this VLAN Select a VLAN to display the VLAN Details report for a VLAN. 382 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports The VLAN Details report displays the following information: • Device Name—Name of the device that the VLAN is a member of • IP Address—IP address of the device that the VLAN is a member of • VLAN IP—IP address assigned to the VLAN • Tagged Ports—List of 802.1Q tagged ports • Untagged Ports—List of untagged ports • # Tagged Ports—Number of tagged ports • # Untagged Ports—Number of untagged ports • #10/100 Ports—Number of 10/100 ports • # Gig Ports—Number of Gigabit ports • # Active Ports—Number of active ports See Chapter 13 for more information on VLANs. Voice VLAN Summary Report To view a Voice VLAN Summary report, click the Voice VLAN Summary link in the left-hand panel. This displays a report of the voice VLANs known to EPICenter. The information reported includes: • VoIP VLAN Name: Name of the VLAN • Device List: IP addresses of devices with ports that are members of this VLAN, and the QoS Profile configured for this VLAN on each device Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN. The Voice over IP Details report displays the following information: • Device Name: Name of the device • IP Address: IP address of the device • VLAN IP: The IP address and subnet mask assigned to the VLAN (if any) on the switch • Egress Port List: The ports specified as Egress ports for the VoIP VLAN • Number of Phone Ports: The number of ports that are available for use as IP phone ports Click the VLAN name to display a detailed report for an individual VLAN. Interface Report To view a device interface report, click the Interface Report link in the left-hand panel. This displays a report on the status of every port known to EPICenter. The information reported for each interface includes: • IP Address—IP address of the interface • Port—Port number of the interface • Port Name—Port name of the interface • AdminStatus—Interface administrative status (enabled/disabled) • OperStatus—Operational status of the interface (ready/active) EPICenter Software Installation and User Guide 383 Dynamic Reports • Configured Speed/Type—Nominal (configured) speed of the interface • Actual Speed/Type—Actual speed of the interface • Edge/Uplink—Edge or uplink port interface Since the EPICenter server may be aware of many hundreds of ports, the interface information is displayed in groups of 25 ports per page. You can navigate among the pages using any of the following methods: • Clicking the Previous and Next links • Selecting a page number from the at the top of the report • Clicking the First or Last links to display the first or last page in the report The list of ports is sorted initially by IP address. Click the heading of a column to sort the report based on the contents of that column. For example, to sort by operational status, click on the OperStatus heading. You can filter the ports that are displayed by constructing a conditional filter using the fields at the top of the page. This lets you construct a two-clause filter statement in the form shown in Figure 187. Figure 187: Device Ports filter specification You can filter on any of the variables shown in the report. Resource to Attribute Mapping Report The Resource to Attribute Mapping Report displays a list of all the resources that include the specified attribute. Click the Resource to Attribute Mapping link in the left-hand panel to display the attribute selection field. Then select an attribute from the pull-down list, as shown in Figure 188. Figure 188: Attribute specification for Resource to Attribute Mapping report 384 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports The pull-down list shows a set of system-defined attributes used by the Policy Manager, along with any attributes you have added to resources through the Grouping Manager. The system-defined attributes (IP, UDP Any, TCP Any, TCP Permit-Established Any, IP Any, L4 Port, and IP Address) have static definitions and are used internally by the EPICenter Policy Manager. User-defined attributes are created within the Grouping Manager, either by adding them to a resource through the user interface, or by importing them. For the attribute you select in the pull-down menu, the report displays the following information: • Resource Type—Type of the resource (such as device, user, host, or group) • Resource Name—Name of the resource that includes the selected attribute • Attribute Value—Value of the attribute associated with the resource Unused Ports Report The Unused Ports report provide information about inactive ports for a particular device. To get an unused ports report, select the following: • Vlan—Select all VLANs or the name of a particular VLAN • Device Group—Select all groups or the name of a particular device group • Inactive Days—Enter the number of days of inactivity for the requested port(s) • Inactive Hours—Enter the number of hours of inactivity for the requested port(s) When you complete your selections, click Submit. The report can be saved in csv or xml format, or shown in a single page, and shows the following: • Device Name—Name of the device on which the port resides • IP Address—IP Address of the device on which the port resides • Inactive Ports—Inactive ports on the device • Groups—Device groups to which this device belongs • Location—Location of the device Click the heading of a column to resort the display. User to Host Mapping Report The User to Host Mapping Report displays a list of any user and host mappings that are currently defined, along with the primary IP address of the host. User-host mappings can be created in the Grouping Manager, and can also be created automatically if the Dynamic Link Context System (DLCS) is enabled on your Extreme devices. Click the User to Host Mapping link in the left-hand panel to display the attribute selection field. The report displays the following information: • User Name—User name • Host Name—Name of the host mapped to the user • Host IP Address—Primary IP address of the host EPICenter Software Installation and User Guide 385 Dynamic Reports Network Login Report The Network Login Report provides information about 802.1x and HTTP login activity. The HTTP network log is Extreme-specific. The report displays the following information: • Device Name—Name of the device • IP Address—IP address of the device • Network Login Activity—802.1x Network Login activity that has occurred on this device. Click the heading of a column to resort the display. Alarm Log Report To view an Alarm Log Report, click the Alarm Log link in the left-hand panel. This displays a report of all the entries in the EPICenter Alarm Log. The information reported includes: • Time—Time the alarm occurred (local time of the EPICenter server) • Name—Name of the alarm • Severity—Severity level of the alarm • Source—IP address of the device that generated the alarm • Category—Category that the alarm is classified under • Ack’ed (acknowledged)—Whether the alarm has been acknowledged (1 is acknowledged, 2 is not acknowledged) • Event #—Event ID of the alarm (assigned by the EPICenter server when the alarm is received) • Message—Message associated with the alarm The alarm information is displayed in groups of 25 alarm events per page. You can navigate among the pages using any of the following methods: • Clicking the Previous and Next links. • Selecting a page number from the at the top of the report. • Clicking on the First or Last links to display the first or last page in the report. The report is sorted initially by the Time that the alarm occurred. Click the heading of a column to sort on the contents of that column. You can filter the alarms that are displayed by constructing a conditional filter using the fields at the top of the page. This lets you construct a two-clause filter statement in the form shown in Figure 189. Figure 189: Alarm Log filter specification You can filter on any of the variables shown in the report. For more details on the meaning of these variable, see Chapter 5. 386 EPICenter Software Installation and User Guide Viewing Predefined EPICenter Reports Event Log Report To view an Event Log Report, click the Event Log link in the left-hand panel. This displays a report of all the entries in the EPICenter Event Log. The information reported includes: • Event #—Event ID of the event (assigned by the EPICenter server when the event is received) • Count—Number of consecutive events (if the same trap occurs at the same time and is received multiple times, only one event is created and the count displays the number of traps) • Time—Time the event occurred (local time of the EPICenter server) • Source—IP address of the device and port number (if applicable) that generated the event • Type—Event type (for example, SNMP Trap) • Varbinds—Variable data transmitted with a trap The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods: • Clicking the Previous and Next links • Selecting a page number from the at the top of the report • Clicking the First or Last links to display the first or last page in the report Click the heading of a column to sort on the contents of that column. You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 190. This lets you construct a two-clause filter statement. Figure 190: Event Log filter specification You can filter on any of the variables shown in the report. You can use the browser Copy and Paste functions to copy a specific value from the current report into the comparison field. This is particularly useful if you want to filter on a specific Varbinds value. System Log Report To view a System Log Report, click the Sys Log link in the left-hand panel. This creates a report of all of the entries in the System Log. The information displayed includes the following: • Event #—Event ID of the syslog entry (assigned by the EPICenter server when the syslog is received) • Time—Time the syslog is received by EPICenter (local time of the EPICenter server) • Source—IP address of the device that generated the syslog entry • Facility—Syslog facility field EPICenter Software Installation and User Guide 387 Dynamic Reports • Severity—Syslog severity field • Message—Syslog message The event information is displayed in groups of 25 events per page. You can navigate among the pages using any of the following methods: • Clicking the Previous and Next links • Selecting a page number from the at the top of the report • Clicking the First or Last links to display the first or last page in the report Click the heading of a column to sort on the contents of that column. You can filter the events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in . This lets you construct a two-clause filter statement. Figure 191: System Log filter specification Configuration Management Log Report To view a Configuration Management Log Report, click the Config Mgmt Log link in the left-hand panel. This creates a report of all the entries in the Configuration Management Log. The information displayed includes the following: • Time—Time when the activity occurred (local time of the EPICenter server) . • Device—IP Address of the device. • Activity—Activity that occurred, such as uploading a configuration file, updating a software image, and so on. The actual entries will be abbreviated in form similar to “Get Cfg From Device” or “Put Cfg To Device.” • Status—Status of the activity (Success or Failed). • File—Name of the file involved in the upload or download. • Descr—Description of the problem for a failed activity. Click the heading of a column to sort on the contents of that column. You can filter the management activity events that are displayed by constructing a conditional filter using the fields at the top of the page, as shown in Figure 192. This lets you construct a two-clause filter statement. 388 EPICenter Software Installation and User Guide Printing EPICenter Reports Figure 192: Configuration Management Log filter specification You can filter on any of the variables in the report. Printing EPICenter Reports Unlike the other EPICenter applets, you can print EPICenter reports using your browser’s print function. To print a report, place the cursor in the pane where the port is displayed, and use the browser’s Print button, or the Print command from the File menu, to initiate the print. You can also use the show all link to print all data from a large .html page. Exporting Reports Some of the EPICenter reports can be exported to either .csv or .xml format. Exporting reports allows you to use various software applications to manipulate the data. The following reports can be exported: • Device Inventory • Slot Inventory • Interface Reports • Unused Ports • Network Login • Alarm Log • Event Log • Sys Log • Config Management Activity Log From the main Reports page, you can generate a report to be used by Extreme Networks eSupport using by selecting the group and clicking Export. Creating New Reports The EPICenter software allows you to customize the existing EPICenter dynamic reports, and to define new reports. Because the reports use HTML and Tcl, you can incorporate the new or modified reports into the running EPICenter server without requiring a restart. In addition, the EPICenter software includes features that aid in debugging user changes. EPICenter Software Installation and User Guide 389 Dynamic Reports All the files needed to create or modify reports can be found in the directory <epicenter_install_dir>/user/reports, where <epicenter_install_dir> is the directory where the EPICenter software resides (by default c:/Program Files/Extreme Networks/EPICenter 4.1) in the Windows operating environment, or /opt/extreme/epc4_1 on a Solaris system). There are two subdirectories under the reports directory: • The html directory contains the HTML files displayed by the EPICenter server. The HTML files in the reports directory have the following functions: — index.html sets up the various frames for the browser display. It references menu.html to define the menu on the left-hand side, and body.html for the content in the main panel of the window. — menu.html defines the menu items for the predefined reports, and includes links to the html files that generate the reports. This is a generated file. You can use this file in a customized report, but it is not user-modifiable. — body.html defines the content that appears in the main panel of the window when the Reports feature is requested, either from the EPICenter software Start-up window, or from the icon on the Navigation Toolbar. Modify this file if you want to change or add to the list of Reports and their descriptions. — color1.html defines the color of the bar at the top of the main content window. This is a generated file. You can use this file in a customized report, but it is not user-modifiable. — epistylesheet.css contains the style definitions used in the menu and main body frames. — reportstylesheet.css contains the style definitions used in the reports themselves. To change the look of all reports, you can modify this stylesheet. — The remaining files, such as device_summary.html, and vlan_summary.html, define a number of the actual reports available from the Reports module. Note that some of the reports (the Interface Report and the four Log reports) are not user-modifiable, and are not included in the HTML directory. • The tcl directory contains the following: — The Tcl methods available for creating new reports — The source code for the existing reports The information presented in the remainder of this chapter assumes you have a reasonably thorough understanding of both HTML and Tcl scripting. 390 EPICenter Software Installation and User Guide Creating New Reports Creating or Modifying a Report You can modify an EPICenter report HTML file in any HTML editor, such as Microsoft FrontPage. You can modify the existing HTML files to change the look and feel of the report, your icons, etc. The vlan_summary.html file is a good example. <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>EPICenter - Vlan Reports</title> <LINK REL=STYLESHEET HREF="reportstylesheet.css" TYPE="text/css"> </head> <BODY bgcolor="#ffffff" marginwidth="20" marginheight="0" leftmargin="20" topmargin="0"> <TABLE border="0" cellspacing="0" cellpadding="0" height="120px"> <TR valign="bottom"><TD> <H2>Vlan Reports</H2> </TD></TR> <TR valign="top"><TD> Information is available about the following vlans in EPICenter:<br> Report generated on <extr>clock format [clock seconds]</extr></TD></TR> <TR valign="bottom"><TD><P><img src="images/green.gif" width=650px height=3px></P> </TD></TR> </TABLE> <BR> <!-- xxxxxxxxxxxxxxxxxxxxxxxxx --> <p><font size="3"><extr>ShowVlanSummaryList</extr></font></p> <p><font size="3"></font> </p> <p><font size="3"></font> </p> </body> </html> The vlan_summary.html file is just like a standard HTML file with one exception: it has a new pair of tags, <extr> ... </extr> which are specific to the EPICenter report server. The EPICenter report server treats everything defined between these tags as Tcl code. The report server executes this code dynamically when it generates the report (upon a user request through the browser). You can use any standard Tcl constructs between these tags, and you can also use methods defined in the “extr” package (extr.tcl). extr.tcl defines a set of methods to obtain information from the EPICenter software database. Appendix D defines a number of database views that contain information that may be useful in creating reports. EPICenter Software Installation and User Guide 391 Dynamic Reports In addition, you can define new methods in any Tcl file in the <epicenter_install_dir>/user/reports/tcl directory, and use those methods inside the HTML file within the <extr> and </extr> tags. A number of reports have been defined for use as examples. Look at the various HTML files to understand how <extr> tags are used within HTML files. Look at the methods defined in the file user/reports/tcl/examples.tcl for details on using these methods to generate the data that will become a part of the generated report. Some utility methods have been provided in commands.tcl to help parse the result that comes back from the EPICenter software API. In general, the Tcl methods defined here will generate well-formatted HTML. Everything between the <extr> and </extr> tags is replaced by HTML code generated by the embedded Tcl code. Using this method, you can generate lots of new reports quickly, and without disrupting the EPICenter software server. Adding a User-Defined Report to the Reports Menu To add a new user-defined report to the report menu, simply place the HTML file into the <epicenter_install_dir>/user/reports/html/userdefined directory. The EPICenter server automatically creates a link on the Reports menu for files in the userdefined directory. It will use the report file names as the report names. They will appear below the heading User Defined Reports at the bottom of the left-hand panel of the Reports page. The file names must conform to two restrictions: • They must use .html as the extension. .htm is not supported. • The file name may not contain spaces. If you want to create a set of hierarchical reports, you can create a subdirectory under the userdefined directory to contain subordinate HTML files that should not have a direct link from the Reports menu. NOTE If you put files into the userdefined directory that were originally in the <epicenter_install_dir>/user/reports/html directory, be sure you also copy the report stylesheet (reportstylesheet.css) into the userdefined directory. Debugging The EPICenter software provides a mechanism that you can use to debug any Tcl procedures you write. Debugging is done in the Tcl shell that is shipped with the EPICenter software. You do not need to view your reports through a browser to debug them. To debug Tcl code you have created or modified, follow these steps: 1 Run <epicenter_install_dir>/tcl/bin/tclsh83d.exe to invoke the Tcl shell. 2 Change to the <epicenter_install_dir>/user/reports/tcl directory. 392 EPICenter Software Installation and User Guide Creating New Reports 3 Execute the command source extrdebug.tcl within the Tcl shell. This sets up the Tcl packages required, and also establish a connection with the database using the EPICenter software external API. 4 Now, run the command extr::ExecuteExtrCommand which parses your Tcl code and displays the resulting HTML file. ExecuteExtrCommand takes the following arguments: — The name of the HTML file that will generate the report. — A string containing the parameter that should that should be available to the HTML file. The values for the parameters can be obtained in the various Tcl methods using extr::GetSessionParam You must ensure that the appropriate environment variables are set to allow access to Tcl. These should be set as follows: For Windows 2000 and Windows XP, set variables as follows: TCL-LIBRARY=<epicenter_install_dir>/tcl/lib/tcl8.3 PATH=$PATH:<epicenter_install_dir>/tcl/bin For Solaris, set the LD_LIBRARY_PATH variable as follows: LD_LIBRARY_PATH=<epicenter_install_dir>/tcl/lib/tcl8.3 EPICenter Software Installation and User Guide 393 Dynamic Reports Useful Methods for Debugging The GetfromDB, ExecuteExtrCommand and GetSessionParam methods are defined as follows: ##################################################################### # extr::GetFromDB # Used to make any SQL query to the database through the # Epicenter server. The result is a SQL result table, # formatted within HTML tags. # # Arguments # A string representing an SQL query. # An optional callback function that is executed for each row of data # Returns # The result table of an SQL query embedded in HTML tags. # ##################################################################### ##################################################################### # extr::ExecuteExtrCommand # This is the public method typically used during debugging. # When a user wants to run an HTML file through the reporting # engine, to generate dynamic html, s/he calls this method. # Users will need to use this method only during debugging. # # Arguments # filePath This is the fully specified path of where to # find the HTML file that has embedded <extr> tags. # params A string containing params and their values that # should be available to the procedures in the HTML files. # The parameters are specified as in HTML. i.e. the param # is a string of type "param1=value1¶m2=value2" # # Returns # The result of executing the command. Typically this is parsed HTML. # ##################################################################### ##################################################################### # extr::getSessionParam # Used in reports to get the value of a specific parameter # that was passed into the reporting system. # This method, along with GetFromDB form the two most # commonly used routines by users of the reporting system. # The params passed into ExecuteExtrCommand are available # through this method. # # Arguments # param A param name. This should be one of the params # that was passed into ExecuteExtrCommand. # Returns # The value of the parameter. Returns "" if param was not defined. # ##################################################################### 394 EPICenter Software Installation and User Guide 18 Voice over IP Manager This document describes how to use the optional EPICenter Voice over IP Manager applet for: • Configuring VLANs for use with IP phone sets • Configuring QoS profile and priority settings for VoIP VLANs • Computing the minimum and maximum bandwidth settings for the QoS profile used with a VoIP VLAN Overview of Voice Over IP Management The Voice over IP Manager module enables you to configure quality of service parameters for VLANs that are used for Voice over IP traffic. You can identify the VLANs that contain IP phone ports, specify which ports in the VLAN are the egress ports for VoIP traffic, and configure the priority and bandwidth parameters for those VLANs. The VoIP applet computes the minimum bandwidth required for acceptable VoIP performance based on the number of VoIP phone ports in combination with the compression rates used in the IP phones for coding/decoding voice traffic. The VoIP applet can then configure the appropriate QoS settings on the switches on which the VoIP VLANs reside. The EPICenter VoIP module is a separately-licensed component of the EPICenter product family. When a VoIP applet license is installed on the EPICenter server, the VoIP icon appears in the Navigation Toolbar at the left of your browser window. If no icon is present, it indicates that no current license can be found for the VoIP module. See the EPICenter Software Installation and User Guide or the EPICenter Release Note and Quick Start Guide for information on obtaining and installing a license. Viewing VoIP VLAN Settings To view the VLANs configured for Voice over IP, click the Voice over IP button in the EPICenter Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 193. EPICenter Software Installation and User Guide 395 Voice over IP Manager NOTE If you have not yet selected any VLANs for Voice over IP, the Voice VLANs page will be empty. See “Selecting VLANs for VoIP” on page 397 for instructions on selecting VLANs for VoIP traffic. Figure 193: Voice over IP main page showing VoIP VLANs The Voice over IP window initially displays the Voice VLANs page. Only VLANs selected for Voice over IP are shown in this table. A message at the bottom of the window indicates how many VLANs have been configured for Voice over IP. If you have selected VLANs to carry VoIP traffic, this page shows a summary of the configuration, switch by switch, of every VLAN that has been selected. For each switch and VLAN, this table shows the following information: • VLAN: The name of the VLAN. This may appear in the list multiple times if the VLAN is configured on more than one switch. • IP Address: The IP address assigned to the VLAN on the switch. This may be blank if the VLAN does not have an IP address assigned (as is the case with the Default VLAN). • Switch: The name of the switch. • QoS Profile: The QoS profile assigned to this VLAN on this switch. • Priority: The priority associated with the QoS profile. • Min Bw: The minimum bandwidth for this QoS profile. • Max Bw: The maximum bandwidth for this QoS profile. 396 EPICenter Software Installation and User Guide Selecting VLANs for VoIP When the root node is selected in the component tree (Voice over IP VLANs) the display shows all VoIP VLANs and their included devices. If you select an individual VLAN in the Component Tree, the display shows only the devices that include the selected VLAN. The Select button at the top of this window lets you select VLANs for Voice over IP. The QoS Settings tab lets you view VoIP VLAN QoS settings, change the configuration, and automatically calculate the minimum bandwidth required. Selecting VLANs for VoIP The VoIP Manager module assumes that you have already created the VLAN(s) for your VoIP phone ports. A VoIP VLAN should include both the edge switches that contain the actual IP phone ports, and any core switches that lie between the edge and the Call Manager or PBX. You can use the EPICenter VLAN Manager module to create a VLAN for your voice over IP network, if you have not already done so. A VLAN that will be used with VoIP traffic should use protocol IP or Any, and may be tagged or untagged. If you add a new device to an existing VoIP VLAN (for example, to expand the number of IP phones) the new device will not be configured automatically as a VoIP VLAN. You will need to select the VLAN on the new device, and then configure the VoIP settings on that device. 1 To select the VLANs to configure for Voice over IP, click the Voice over IP button in the EPICenter Navigation Toolbar. The main Voice over IP window appears, as shown in Figure 194. Figure 194: Voice over IP applet, main page EPICenter Software Installation and User Guide 397 Voice over IP Manager When you run the VoIP applet for the first time, and have not yet selected any VLANs for VoIP, the table shown on this page will be empty. 2 Click the Select button at the top of the VoIP window. This displays the Select Voice over IP VLANs window, as shown in Figure 195. Figure 195: Select Voice over IP window In this window you can select individual VLANs, and enable or disable VoIP for that VLAN. The Select Voice over IP VLANs table shows information about each switch in the selected VLAN: • Enabled: A green check indicates that this switch is selected as part of the VoIP VLAN. A red X indicates that this device has not been selected (or has been deselected). As a rule, all devices in the VLAN will be enabled or disabled for VoIP, and switches cannot be enabled or disabled individual. However, if a device is added to the VLAN after the VLAN has been enabled, that switch will not be enabled until you re-enable the entire VLAN. • IP Address: The IP address assigned to the VLAN on the switch. This may be blank if the VLAN does not have an IP address assigned (as is the case with the Default VLAN). • Switch: The name of the switch. • QoS Profile: The QoS profile assigned to this VLAN on this switch. • Priority: The priority associated with the QoS profile. • Min Bw: The minimum bandwidth for this QoS profile. • Max Bw: The maximum bandwidth for this QoS profile. The VoIP Manager applet assumes that you have already set up the VLANs you will be using for your VoIP traffic. 3 To display a VLAN, pull down the list of VLANs from the All VLANs field at the top of the window, and select a VLAN, as shown in Figure 196. 398 EPICenter Software Installation and User Guide Selecting VLANs for VoIP Figure 196: Select Voice over IP window with Disabled VLAN NOTE Although the device-created VLANs (Default, Mgmt and MacVlanDiscover) can be selected as VoIP VLANs, it is not recommended that you use these for voice traffic. Configuring the QoS profiles could conflict with other uses of those VLANs. 4 To enable VoIP on a VLAN, click the Enable VoIP button. This will select this VLAN as a VoIP-enabled VLAN, and will save this setting in the EPICenter database. To disable VoIP on a VLAN, click the Disable VoIP button. This will remove this VLAN as a VoIP-enabled VLAN, and will save this setting in the EPICenter database. NOTE Any devices added to the VLAN after the VLAN has been configured for VoIP are not automatically configured for VoIP. You must return to the VoIP applet and configure the new device. 5 Click Close to close the window. NOTE When you disable a VLAN, the VoIP settings for the devices in the VLAN remain in the EPICenter database. Therefore, if you re-enable the VLAN at a later time, the same settings (such as egress ports and QoS profile settings) will still apply. The VoIP VLAN settings for a device will be deleted from the database only when the device is removed from the EPICenter inventory, or if the VLAN itself is deleted. Only VoIP-enabled VLANs appear in the list of VoIP VLANs in the main VoIP window. EPICenter Software Installation and User Guide 399 Voice over IP Manager QoS Settings for a VoIP VLAN For each Voice over IP VLAN, you can specify the compressions algorithm and QoS profile settings that should be used for the VLAN. In addition, you can indicate which of the ports within the VLAN are the egress ports for the VoIP traffic. To manipulate the settings for a VoIP VLAN, do the following: 1 Select the QoS Settings tab in the main VoIP window. 2 Select one of the VoIP VLANs from the Component Tree at the left hand side of the window. The QoS Settings for the selected VLAN are displayed, as shown in Figure 197. Figure 197: QoS Settings page for a VoIP VLAN The top portion of the QoS Settings page shows the current QoS settings for each switch in the VLAN. If you configure new settings using the Configure VoIP QoS Parameters dialog, the settings shown in this part of the display may change to reflect the new settings. The bottom portion of the QoS Settings page shows the default configuration attributes (compression algorithm, priority and QoS profile) for the selected VLAN. It also displays all the ports that are members of the VLAN, including the ports you have selected as egress ports. You can use these lists to indicate which ports in the VLAN are the egress ports. 400 EPICenter Software Installation and User Guide QoS Settings for a VoIP VLAN Default Configuration Attributes The default configuration settings are used in the calculation of the minimum bandwidth for the VLAN, and can also be used to configure all switches in the VLAN automatically. As an alternative, you can you specify settings for individual switches in the VLAN and configure the devices individually. The default configuration settings are saved in the EPICenter database; individual switch settings are not. The Default Configuration Attributes display shows the following information: • Max # of Phones: This shows the number of ports that are available for use as IP phone ports. This number is calculated as the total number of ports in the VLAN minus the number used as egress ports. • Compression Algorithm: This specifies the speech encoding/decoding algorithm that is being used by the IP phone sets you have connected to this VLAN. You can select from the following algorithms: — G.729: encodes speech at 8 Kbps — G.711: encodes speech at 64 Kbps (uncompressed). This is the default. — G.723.1: encodes speech at 6.4 Kbps — Other: If you select this, you must set a compression rate in the Configure VoIP Parameters dialog. Select the setting that matches the configuration of your IP phones. The setting you select does not actually affect the compression algorithm used, since this is done in the IP phone itself, but is used to compute the minimum bandwidth for the QoS profile settings for this VLAN. You can modify this setting for individual switches using the manual QoS configuration process. You may need to do this if you have several types of IP phones that use different compression algorithms. If the setting you select does not match the algorithm actually used to encode speech by your phone, the computed QoS bandwidth settings may not be accurate. NOTE VoIP configuration attributes are set on a switch-by-switch basis, meaning that all IP phones connected to an individual switch are assumed to use the same compression algorithm. Settings cannot currently be configured for individual ports. • Priority: This specifies the priority of the VoIP traffic on this VLAN. You can select any of the eight priority settings (from low to highHi). The default is highHi. Typically the priority for VoIP traffic should be high relative to other traffic. Again, you can also set this parameter individually for switches in the VLAN using the manual QoS configuration process. If you specify an unsupported priority for a non-i-series device, the EPICenter VoIP server will automatically map the unsupported priority to a supported priority when it does the QoS configuration on the device. This process maps priority lowHi to low, normalHi to normal, mediumHi to medium, and highHi to high. • Profile: This specifies the QoS profile that will be used by default for this VLAN on each switch in the VLAN. The default is QP8. Note that non-i-series switches (Summit switches running ExtremeWare 4.x) only support four QoS profiles (QP1 through QP4) so for a non-i-series switch, you must change the profile using the manual configuration process. NOTE Each of these setting (except for maximum number of phones) can be modified for individual switches in this VLAN on a switch-by-switch basis. You can do this using the manual QoS configuration process. EPICenter Software Installation and User Guide 401 Voice over IP Manager • Egress Port Selection: The QoS Settings page also displays every port in the VLAN in one of the two lists in the Egress Port Selection portion of the window. You use these lists to designate the ports that should be used as the egress port on each device in the VLAN. Egress ports are used to route VoIP traffic from the IP phone ports (ingress ports) to the Call Manager or PBX, either directly or via trunk ports between other switches in the VLAN. You should designate at least one port on each switch in the VLAN as an egress port in order for VoIP to function over the VLAN. You can designate as many egress ports as you need. To designate egress ports, do the following: — Select one or more ports in the Ports in VLAN list, and click the Add button to move them to the Selected Egress Ports in VLAN list. You can select multiple ports by holding down the CTRL or Shift keys while you make your selections. — To remove ports from the Selected Egress Ports in VLAN list, select the ports and click the Remove button You can remove all ports from the Selected Egress Ports in VLAN list by clicking the Remove All button . . NOTE If some of the ports in your port list are not physically present in the device (a GBIC has been removed, for example) and those ports are not set to auto-negotiate, the port speed will be shown as zero in the port list. If you select such a port as an egress port, this will result in the minimum bandwidth being calculated as zero for the VLAN. If the port speed is set to auto, the calculation will assume a port speed of 100 Mbps and will work correctly. Minimum Bandwidth Calculations The VoIP Manager module computes the minimum bandwidth setting for the QoS profile used for the VoIP VLAN to ensure acceptable VoIP performance. It first computes the total bandwidth needed based on the number of VoIP phone ports in combination with the compression rate used in the IP phones for coding/decoding voice traffic. It then determines the minimum bandwidth as the percentage of the egress port bandwidth that is required to support all the IP phone ports simultaneously. The minimum bandwidth setting will never be less than 1% of the egress port’s total available bandwidth. However, there may be situations where the bandwidth calculation algorithm either overestimates or underestimates the minimum bandwidth requirements. If the egress port speed is set to Auto, the bandwidth calculation assumes 100 Mbps as the configured port speed. If the port’s actual speed is 1000 Mbps, the calculation may overestimate the percentage of bandwidth required for VoIP traffic. If there are multiple egress ports running at different speeds, the VoIP applet calculates the percentage based on the lowest port speed among the egress ports. For best results, it is recommended that you turn auto-negotiation off and explicitly configure the speed of your egress ports. The VoIP Manager module calculates the minimum bandwidth requirements separately for each switch in the VLAN. The bandwidth calculation algorithm assumes there is a one-to-one correspondence between the number of IP phones and the number ingress ports included in the VoIP VLAN, and that all ingress ports in the VLAN (those not designated as egress ports) are IP phone ports. However, if the VoIP VLAN topology includes upstream switches, the ingress port may actually be a trunk port carrying aggregated VoIP traffic. In this case, the bandwidth calculation algorithm may underestimate the minimum bandwidth needed for the ingress port on the upstream switch. For example, Figure 198 shows a topological representation of devices in a VoIP network. In this illustration, IP phones are connected to 10/100Mbps ports on switch A. The VoIP VLAN also includes a 402 EPICenter Software Installation and User Guide QoS Settings for a VoIP VLAN gigabit port (port 50) designated as the egress port on switch A, and two gigabit ports on upstream switch B, with port 30 designated as an egress port. This port could be connected to a Call Manager, a PBX, or another internetworking device. Port 29 on the upstream switch is the ingress port for the VoIP VLAN on that switch. Figure 198: VoIP topology example Egress port 30 29 Switch B (upstream switch) 30 31 32 Ingress port 29 Egress port 50 49 49R 50 50R Switch A IP phone ports XM_031 The VoIP Manager module calculates the minimum bandwidth for each switch based on the number of IP phone ports in the VLAN on that switch, the compression rate, and the speed of the egress port. For switch A, the number of ingress ports does correspond to the number of IP phone connections. However, for the upstream switch (B), the VoIP Manager module assumes that the one ingress port (port 29) is a single IP phone port when it is actually a trunk port. If the egress port (port 30) on the upstream switch B is configured as 1000 Mbps port (as is the case in the example) the minimum bandwidth setting will probably be acceptable in most cases, because the VoIP Manager module will never assign less than 1% of the bandwidth (10 Mbps for a 1000 Mbps port) as the minimum. However, if switch A were a chassis switch that has several hundred phones connected, the bandwidth calculation could determine that the minimum bandwidth setting for the egress port should be 2-3%. But, based on the assumption that there is only one ingress IP phone port (port 29) on switch B, the bandwidth calculation would determine that a 1% minimum is sufficient for the egress port 30. The information in Table 11 is provided to help you ensure that the minimum bandwidth setting in the QoS profile for your VoIP VLAN is sufficient on any upstream switches. EPICenter Software Installation and User Guide 403 Voice over IP Manager Table 11: Minimum Bandwidth Requirements and Calculations for VoIP VLAN Compression algorithm Number of phones (one per port) Total calculated bandwidth Min bandwidth needed for egress ports Max number of phones supported G.711, rate=64 Kbps 0~100 0~7 Mbps 10 Mbps (Min=1%) 156 G.711, rate=64Kbps 100~200 7~13 Mbps 20 Mbps(Min=2%) 312 G.711, rate=64Kbps 200~300 13~20 Mbps 20 Mbps(Min=2%) 312 G.711, rate=64Kbps 300~400 20~26 Mbps 30 Mbps(Min=3%) 468 G.729, rate=8.0Kbps 0~100 0~1 Mbps 10 Mbps(Min=1%) 1250 G.729, rate=8.0Kbps 100~200 1~2 Mbps 10 Mbps(Min=1%) 1250 G.729, rate=8.0Kbps 200~300 2~3 Mbps 10 Mbps(Min=1%) 1250 G.729, rate=8.0Kbps 300~400 3~4 Mbps 10 Mbps(Min=1%) 1250 G.723.1, rate=6.4Kbps 0~100 0~1 Mbps 10 Mbps(Min=1%) 1562 G.723.1, rate=6.4Kbps 100~200 1~2 Mbps 10 Mbps(Min=1%) 1562 G.723.1, rate=6.4Kbps 200~300 2 Mbps 10 Mbps(Min=1%) 1562 G.723.1, rate=6.4Kbps 300~400 2~3 Mbps 10 Mbps(Min=1%) 1562 • The first two columns of Table 11 show various combinations of the compression algorithms and number of IP phone ports. • The third column shows the total bandwidth requirement calculated based on the compression rate and number of ports as shown in the first two columns. • The fourth column (Min bandwidth needed for egress ports) shows the corresponding minimum bandwidth that should be configured for a gigabit egress port such as the egress port on the upstream switch. • The last column shows the actual maximum number of simultaneous calls that can be supported by the minimum bandwidth. Find the minimum bandwidth setting in the table that corresponds to your VoIP setup (number of phones and compressions algorithm. Then, make sure the minimum bandwidth setting for the VLAN on your upstream switch(es) meets this requirement. You can change the bandwidth settings for an individual switch using the Configure VoIP QoS Parameters dialog. See “Configuring QoS Settings” on page 404 for more information. Note that the bandwidth calculation algorithm always assumes there is a one-to-one correspondence between the number of IP phones and the number of ingress ports included in the VoIP VLAN. Another situation that may result in an incorrect bandwidth calculation is where multiple IP phone are connected via a hub to a single ingress port on a switch. In this configuration the VoIP Manager will underestimate the number of IP phone connections, and will therefore underestimate the required minimum bandwidth. In this case, you can also use the information in Table 11 to help you determine the correct minimum bandwidth in the QoS profile for the VoIP VLAN on the switch. Configuring QoS Settings Changing the default configuration attributes does not actually configure any settings on the switches. The information is provided to simplify the configuration task for the user and to recommend minimum 404 EPICenter Software Installation and User Guide Configuring QoS Settings bandwidth settings for the QoS profiles on the component switches. You can configure the recommended QoS settings on your switches in one of two ways: • The Auto Configure QoS button calculates the recommended settings based on your default selections, and configures them on all switches in the selected VLAN. • The Manually Configure QoS... button displays a dialog where you can modify the settings for individual switches, and then configure only selected devices. To configure the default QoS settings on all switches in the VLAN, do the following: 1 On the QoS Settings page, select the default settings for the VLAN. 2 Click the Auto Configure QoS button at the bottom of the page. The VoIP applet calculates the recommended bandwidth settings, and sends the configuration to each switch in the VLAN. To configure one or more individual switches with a particular setting that differs from the default settings, do the following: 1 From the QoS Setting page, click the Manually Configure QoS... button at the bottom of the page. This displays the Configure VoIP QoS Parameters dialog, as shown in Figure 199. Figure 199: Configure VoIP QoS Configuration Parameters dialog Initially, the left hand side of this dialog displays a list of the switches in the selected VLAN, and the default configuration attributes you specified on the QoS Settings page. You can configure the switches with the default settings, or modify the settings for one or more individual switches. For example, if your organization uses several types of VoIP phones with different compression algorithms, you may need to set different algorithms and QoS profile settings for the switches to which these phones are connected. NOTE VoIP Configuration attributes can only be set on a switch-by-switch basis, meaning that all IP phones connected to an individual switch are assumed to use the same compression algorithm. Settings cannot currently be configured for individual ports. When you move a switch to the Calculated Settings list, the VoIP applet calculates the minimum bandwidth required to support the VoIP traffic. It makes the calculation based on the compression algorithm and compression rate, the number of ingress ports in the VLAN, and the speed of the EPICenter Software Installation and User Guide 405 Voice over IP Manager ports. Depending on your VoIP network topology and device configuration, there may be situations where the minimum bandwidth is either overestimated or underestimated. See “Minimum Bandwidth Calculations” on page 402” for more details. If this occurs, you can edit the bandwidth parameters as part of this configuration process. The VoIP applet also sets the QoS profile and priority in the Calculated Settings list based on the settings you select in the fields in the Select Switches area of the window. To configure one or more switches with settings that differs from the default settings, do the following: 2 Make your changes to the QoS settings: a Select the QoS profile that should be used (QP1 through QP8). b Select the priority (low to highHi). c Select the compression algorithm. d Type in a compression rate to be used as a parameter in the calculation of minimum bandwidth. The default is the rate normally used by the compression algorithm. If you have selected “Other” as the compression algorithm, the default is set to zero. This value is used only in the calculation of minimum bandwidth, and does not affect the actual compression rate used by the phone. As a rule, you should set the compression rate to be the same as the rate actually used by the compression algorithm for the phone. 3 Select one or more switches that should be configured using these QoS settings, and click the Add button to move them to the Calculated Settings list. Click the Add All button to move the entire list of switches to the Calculated Settings list. 4 You can edit the minimum and maximum bandwidth setting values once an entry has been placed in the Calculated Settings list. Select the cell containing the bandwidth percentage you want to change, type in a new percentage, and click outside the cell for the change to be recognized. There are a number of reasons why you might want to change the minimum or maximum bandwidth settings: — To reduce the minimum bandwidth percentage when the IP phone ports are set to Auto but actually run at 1000 Mbps — To increase the minimum bandwidth percentage when a ingress port is actually a trunk port carrying aggregated VoIP traffic from an edge switch — To limit the maximum bandwidth (the default maximum is 100%) See “Minimum Bandwidth Calculations” on page 402 for more details on the bandwidth calculation issues. 5 You can repeat steps one and two for other switches in the Select Device(s) list. 6 To change the profile, priority, algorithm or compression rate for an entry in the Calculated Settings list, you must remove the switch from the list, change the settings, and add it again. Remove switches from the Calculated Settings list by selecting the switches and clicking the Remove button You can remove all switches from the Calculated Settings list by clicking the Remove All button . . 7 Click the Apply button to initiate configuration of the QoS parameters on the switches. 406 EPICenter Software Installation and User Guide VoIP Reports VoIP Reports A Voice VLAN Summary report and a Voice over IP Details report are available from the EPICenter Dynamic Reports Main page. The summary report provides a list of the VLANs that have been selected as Voice over IP VLANs, along with the switches that are included in those VLANs. The Voice over IP Details report displays information about each device in the VLAN. You can access the EPICenter software Dynamic Reporting capability in one of two ways: • By clicking the Reports icon in the EPICenter software Navigation Toolbar • By logging in directly from the EPICenter Start-up page Voice VLAN Summary Report To view a Voice VLAN Summary report, click the Voice VLAN Summary link in the left-hand panel. This displays a report of the voice VLANs known to EPICenter. The information reported includes: • VoIP VLAN Name: Name of the VLAN • Device List: IP addresses of devices with ports that are members of this VLAN, and the QoS Profile configured for this VLAN on each device Click on a VLAN name to display the Voice over IP Details report for the devices in the VLAN. The Voice over IP Details report displays the following information: • Device Name: Name of the device • IP Address: IP address of the device • VLAN IP: The IP address and subnet mask assigned to the VLAN (if any) on the switch • Egress Port List: The ports specified as Egress ports for the VoIP VLAN • Number of Phone Ports: The number of ports that are available for use as IP phone ports Known Behaviors and Problems This section describes known problems with this release, including recommendations for workarounds when available. It also describes application behaviors that may not be intuitive. No “hourglass” cursor displayed during some lengthy operations In some cases, no hourglass cursor is displayed during lengthy operations. This includes selecting VLANs for VoIP, and during device configuration operations. (13888) Egress port tables are not updated after port configuration changes For some versions of ExtremeWare, the EPICenter database does not get updated when changes are made to the port speed and auto-negotiation parameters. This is the case for ExtremeWare 4.1.19(3), 6.1.8(13), and 6.1.9.(11). The database is correctly updated for devices running ExtremeWare 4.1.17(6) or 6.2.0(60). (1-61CBE) EPICenter Software Installation and User Guide 407 Voice over IP Manager Refreshing the browser before a display update has completed may cause an exception When you enable or disable a VoIP VLAN that has multiple devices, or when you configure VoIP Qos settings on such a VLAN, it can take a long time (more than 30 seconds) to update the database and refresh the display. In the browser-based client, if you attempt to do a browser refresh before this process has finished, you may get an error exception. If this occurs, you will need to restart your browser. (1-7D7X1, 1-7D7XE, 1-7RTSM) Saving VoIP configuration after VLAN changed outside VoIP applet results in incorrect VoIP configuration display If changes are made to a VoIP VLAN by another user (e.g. another EPICenter client or through the ExtremeWare CLI) while you are configuring the VLAN through the VoIP applet, the EPICenter client will be notified that something has changed, and will prompt you to save your configuration changes. Before you save your changes you should ensure that the changes made to the VLAN do not conflict with your configuration, or the configuration displayed through the VoIP applet may be inconsistent. For example, if you place a port in the egress port list, and someone simultaneously removes that port from the VLAN, if you save your configuration with that port still designated as an egress port, your VoIP configuration will continue to show the removed port. Resyncing the switch through the Inventory applet will update the VoIP configuration to correctly display only the existing ports. (1-7UFYI) Egress port tables not updated when port configuration changes If the EPICenter server is farther down in the queue on the switch, the VoIP applet may not receive the trap that notifies it when the port configuration is changed, and the VoIP configuration will not be updated. (PD2-65243630) The MinQBuf value incorrect after VoIP configuration in ExtremeWare 6.1.7 b9 On a switch running 6.1.7 b9, after you configure Qos settings for a VoIP VLAN, the value shown for the MinQBuf parameter, as displayed by the ExtremeWare show qosprofile command, is incorrect. It will be displayed as a very large percentage where it should be zero. (1-5MKFT) 408 EPICenter Software Installation and User Guide 19 Using the Policy Manager This chapter describes how to use the EPICenter Policy Manager for: • Creating, modifying, and deleting network Quality of Service (QoS), access list, and Access-based policies • Configuring QoS profile settings on network devices • Configuring network devices with the defined network policies Using the Policy Manager The Policy Manager provides a high-level interface for specifying QoS and access list rules for Extreme Networks devices, and IP policies for Cisco devices. It is strongly recommended that you become familiar with the concepts presented in Chapter 1 of this manual before you begin to create policies through EPICenter on your network devices. The Policy Manager is closely tied to the EPICenter Grouping applet, which is used to define the network resources that can be used as endpoints or in the scope for a policy definition. Resources must be set up through the Grouping applet prior to using them in a policy definition. You should be familiar with the Grouping applet before you begin to define policies through the Policy Manager. In addition, you must have Administrator or Manager access to create, modify, and configure policies within the Policy Manager. If you have Monitor-level access only, you cannot use these functions. To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. The Policy Manager main window is displayed (see Figure 200). The Policy Manager is organized into two functional areas. • Policies View, where you can create, view, and modify EPICenter policy definitions for Extreme Networks devices. The organizing principle within the Policies View is the policy definition. • The ACL Viewer, where you can view the access list and QoS rules generated by the Policy Manager for the devices in your network. You cannot modify EPICenter policy definitions from within this view. However, you can modify QoS configuration settings for Cisco devices. The organizing principle within the ACL Viewer is the network device. From either the Policies View or ACL Viewer, you can modify QoS profiles, change policy precedence, and configure the currently-enabled policies on one or more devices. EPICenter Software Installation and User Guide 409 Using the Policy Manager When the Policy Manager applet first appears, the Policies View is selected, showing a summary of the policies currently defined within the EPICenter Policy Manager. You can view the details of an individual policy by selecting the policy in the component tree, or by double-clicking a policy entry in the policy list in the main window of the applet. From the Policies View you can create and modify access list and QoS rules. See “Policies View” on page 411 for details on defining policies. The buttons at the top of the page provide the following functions: • New lets you create new policy definitions. This button is available only in the Policies View. • Save lets you add a new policy definition to the database, or replace a modified policy. This button is available only in the Policies View. • Delete removes the selected policy definition from the database. This button is available only in the Policies View. • Reset abandons all modifications you have made to a policy definition, and restores the last saved definition for the selected policy to the fields displayed in the Policy description page. This button is available only in the Policies View. • Auto is a toggled-state button that indicates whether auto-configuration is enabled or disabled. When auto-configuration is enabled any access list or QoS changes made within the Policy Manager, any changes made within the Grouping Manager or Inventory Manager that affect the endpoints or scoping of a policy, or any changes on a device that affect access list or QoS settings on the device, will cause an immediate reconfiguration of all enabled policies on the network devices. Access-based Security policies will be automatically configured only if the Auto-configuration mode is activated. When auto-configuration is disabled device policy configuration occurs only when specifically invoked using one the configure buttons (Config or Config All). See “Configuring QoS Policies” on page 433 for important information on using the Auto-configuration feature. If you are using Access-based Security policies and auto-configuration is disabled, these policies have to be configured each time a user logs in over the network. • Order • Cfg All lets you change the precedence of your policies relative to one another. computes rules for your policies and configures them on all affected devices. • Config computes the set of access list and QoS rules that affect the devices you select, and configures them on those devices. You can select an individual device or a group, and all policies that have those devices in their scope will be configured. This button is available only in the ACL Viewer. • Profile • Help lets you modify the settings of the QoS profiles for a device or device port. displays online help pages for the Policy Manager. • Status shows the status of a configuration operations due to automatic or directed configuration. 410 EPICenter Software Installation and User Guide Policies View Each function is described in more detail in later sections of this chapter. Policies View The Policies View lets you create, view, and modify the policies managed by the EPICenter Policy Manager. The Policies View organizes information by policy—information related to devices is presented relative to the currently-selected policy. To view the policies currently defined within the EPICenter Policy System, click the Policies radio button just above the component tree. This displays a summary of the policies currently known to the Policy Manager (see Figure 200). Figure 200: Policy View in the Policy Manager The component tree on the left shows the policies defined through the Policy Manager. The main applet frame shows the definition and function of the selected elements. • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order. • Name is the name of the policy. • Type indicates the type of policy (Access-based security, IP, source physical port, or VLAN). • Enabled indicates whether the policy is enabled. A green check ( ) indicates that the policy is enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not enabled will not be configured on any devices, either automatically or when you start a configuration manually. • Direction indicates whether rules are generated by this policy for traffic in one direction only, or are generated for traffic in both directions. EPICenter Software Installation and User Guide 411 Using the Policy Manager — For Access-based Security policies, “network resources to users” indicates traffic going from the endpoints specified in Network Resources side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the Users area. “Users to network resources” indicates traffic flowing from user endpoint(s) to the network resource endpoint(s). “Bidirectional” indicates that access list rules are generated for traffic in both directions. The default for these policies is the “users to network resources direction”. The default choice gives a lower total number of ACLs since bi-directional requires twice the number of rules as uni-directional. — For IP policies, “server to client” indicates traffic going from the endpoints specified in Server side of the Policy Traffic area of the Policy Description page, to the endpoints specified in the Client area. “Client to server” indicates traffic flowing from client endpoint(s) to the server endpoint(s). “Bidirectional” indicates that access list rules are generated for traffic in both directions. — For Source Port policies, the direction will always be “from source port.” — For VLAN policies, the direction will always be “from VLAN.” • Description displays the description, if any, that was entered when the policy was defined. By default, the policy list is sorted by policy type. To sort based on the contents of a different column, click the column header. Clicking a second time reverses the sorting sequence. To view the specifications for an individual policy, you can do one of the following: • Select the policy name in the component tree. • Double-click anywhere within the policy entry in the policy list display. This displays the Policy description page for the selected policy. Policy Definition Page The Policy Definition page displays the high-level definition of the selected policy, in terms of the network elements (users, hosts, and L4 ports as appropriate) that define the traffic flow, and the devices on which the policy is implemented. Figure 201 shows the Policy Definition page for an Access-based Security policy. 412 EPICenter Software Installation and User Guide Policies View Figure 201: Policy definition page for an Access-based Security policy The policy name and optional description are displayed at the top of the page. The Policy Traffic section, shows the elements that define the traffic flow: • The Policy Type radio buttons determine the type of rules that will be generated from the policy description, and thus affect how the policy endpoints are specified. • The rest of this area shows the network resources that define the traffic flow for the policy. — In the Access-based Security policy example shown in Figure 201, the policy traffic specification includes two lists of resources that define the “network resources” or left-side endpoints for the policy, and the “users” or right-side endpoints. These resources are defined in the EPICenter Inventory or Grouping applets, and may include hosts, custom applications, users, devices, and ports, or groups of any of those resources. For example, the resource shown in the Network Resources list in Figure 201 is a single host. The resource in the Users list is a User group. If you have Administrator or Manager access, you can use the Edit button to access the resources list and view the definition of the resource groups. You can also view their definitions through the Grouping applet. For the Network Resources side, the resources are mapped to specific IP addresses and ports, but for the Users side, the IP addresses are determined dynamically at network login. If you are entering a new IP policy, the left-side endpoints will be “servers” and the right-side endpoints will be “clients.” For the purpose of generating access list rules, those resources are mapped to specific IP addresses and ports for use as source and destination endpoints. These lists may also show IP addresses that have been entered directly. — The traffic specification for an Access-based Security policy includes a flow direction (network resources to user, user to network resources, or bidirectional). This is used by the EPICenter policy server to determine the source and destination for each traffic flow. In the example, the traffic is unidirectional, from user to network resource, which is the default for Security policies. EPICenter Software Installation and User Guide 413 Using the Policy Manager This means that access list rules will be generated with the hosts listed on the network resources side as the destinations, and users on the user side as the sources. (See “Policy Traffic Page” on page 414 for an explanation of the traffic flows that this example generates.) — The traffic specification for an Access-based Security policy also includes the specification of a “network resource” on the network resource side, that can be used to define a protocol and an L4 port or port range, or a named application (which translates to a protocol and specific L4 port).You can define an L4 port for the userside as well, if needed. — For an IP policy, the Policy Traffic section is similar to that for Access-based Security policies with the substitution of “Servers” and “Clients”, for “Network resources” and “Users” respectively. IP policies default to bi-directional. — For a Source Port or VLAN policy, the Policy Traffic section is much simpler, showing you either the network resources that define the source physical ports or the VLANs that are used to define the traffic flow for the policy. Flow direction is not a factor in Source Port or VLAN QoS Policy specifications. See “Creating a New Policy” on page 416 for detailed information on specifying the endpoints for defining policy traffic. The Policy Access Domain (Scope for IP policies) section displays the network devices on which the policy rules should be implemented. The devices can be specified individually, or as groups whose member devices or device ports will be included in the domain. The policy domain also specifies the QoS profiles that are implemented on each device for the specified traffic flows. The Policy Access Domain (Scope for IP policies) display includes: • The resources (devices or groups that contain devices) on which the policy should be implemented • The type of the resource (Device or Group) • The QoS profile that will be used for the device or devices specified by this resource • An optional comment entered when the QoS profile is selected for the resource The resources are displayed in order of precedence. Because the domain/scope can include groups as well as individual device resources, it is possible that a device could be included more than once in the domain/scope (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences could conflict. Therefore, the order of the list determines the precedence in case of QoS profile conflicts—the first occurrence of a device in the list determines the QoS profile that will be used on that device. See “Creating a New Policy” on page 416 for detailed information on specifying scope resources for a policy. Policy Traffic Page The Policy Traffic page shows the actual traffic patterns derived from the Policy Traffic specification as defined on the Policy Description page. Access-based Security policy traffic will not show on this page unless the user endpoint is specified as a fixed IP address. Otherwise, the traffic will only show when the user is actively logged in over the network. The diagram below shows an example for an IP policy. For an Access-based Security policy, this page may be blank except when the user is logged into the network. In the case where a user is assigned a specific IP address however, the page will look the same as it does for an IP policy. Figure 202 show the traffic patterns generated for the IP policy from Figure 201. 414 EPICenter Software Installation and User Guide Policies View Figure 202: Policy Traffic page In Figure 201, the Policy Traffic specification consists of two Host groups as end points, (each containing two hosts), a unidirectional traffic flow (server to client), and the service specification “UDP Any.” This resulted in the four traffic flows shown in Figure 202. • Protocol indicates the protocol specified for the traffic (TCP in the example). • Dest IP is the destination IP address, derived from one of the host specifications. • Dest Port is the L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Src IP is the source IP address, derived from one of the host specifications. • Src Port is the L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.” EPICenter Software Installation and User Guide 415 Using the Policy Manager Creating a New Policy To create a network policy, follow these steps: 1 Select New Figure 203. from the toolbar. This displays a new Policy Definition page, as shown in Figure 203: Policy description page for a new Access-based Security policy Flow direction (IP and Security policies only) Policy traffic endpoint selection Service filter specification (IP and Security) Policy access domain selection 2 Enter a name for the policy (required) and a description of the policy (optional). 3 If you do not want this policy to be configured onto any devices, click the Enabled check box once to remove the check mark and indicate that this policy should not be enabled. The presence of a check in the box indicates that the policy will be enabled, which is the default state. 4 Select a schedule for this policy, if desired. Default is 24 hours a day, 7 days a week. You can check desired days, set start time on the 24 hour clock, and set time periods from 0 to 168 hours. Scheduled times are allowed to overlap (see Figure 204). 416 EPICenter Software Installation and User Guide Creating a New Policy Figure 204: Example of a schedul e 5 Select the type of policy you want to create. The type of policy you choose will determine the type of information you need to provide. The policy type acts as a sort of template, requiring definition only of the components relevant to the particular policy type. Select the appropriate Policy Type as follows: — select Type to generate access list rules for implementation on the devices in the policy scope. — Select Security to specify the components of a policy for traffic between resources and dynamically obtained user endpoints. A policy of this type will generate access list rules for implementation of the devices in the access domain. These rules are generated whenever an authorized user logs on and will be deleted when that user logs off. — Select IP to specify the components of a policy for traffic between endpoints, such as a server and specific clients or a particular service and server. — Select VLAN to specify the components (VLANs) of a policy for traffic originating from the member ports of one or more VLANs. A policy of this type will generate VLAN QoS rules for implementation on the devices in the policy scope. — Select Source Port to specify the components of a policy for traffic originating from specific ingress ports. A policy of this type generates source physical port QoS rules for implementation on the devices in the policy scope. 6 Specify the endpoints that will define the traffic flows to which this policy will apply. For a Security policy: You must specify two sets of endpoints for a Security policy, which are classified as network resources and users. The resources you select are typically hosts or users, but do not need to be in a conventional “client-server” relationship. They simply represent the endpoints (source and destination, translated to an IP address and port) of the traffic flow. You can specify individual endpoints, or groups that contain the endpoints. The user end of the specification does not need to have a specific IP address assigned to it, although it may. You must also specify the traffic direction to which the policy should apply. The default for an Access-based Security policy is user to resource. For an IP policy: You must specify two sets of endpoints for an IP policy, which are classified as servers and clients. The resources you select are typically hosts or users, but do not need to be in a conventional “client-server” relationship. They simply represent the endpoints (source and destination, translated to an IP address and port) of the traffic flow. You can specify individual endpoints, or groups that contain the endpoints. You can also specify a subnet address or the “Any” wildcard as an endpoint. EPICenter Software Installation and User Guide 417 Using the Policy Manager You must also specify the traffic direction to which the policy should apply. The default direction for an IP policy is bidirectional. For a Source Port policy: You must specify one or more devices and physical ports as source endpoints. You can specify them individually or as groups that contain ports. For a VLAN policy: You must specify the VLANs to which the policy should apply. You can specify VLANs individually or as groups that contain VLAN members. NOTE You should not include the Management (Mgmt) or MacVlanDiscover VLANs as policy endpoints. These VLANs cannot have policies associated with them. 7 To select one or more endpoints for any of the policy types, click the Edit... button that appears either to the right or below the list of endpoint resources. For a Security policy: Two Edit buttons are provided, one to the right of the Network Resources list, and one to the right of the Users resource list, as shown in Figure 203 For an IP policy: Two Edit buttons are provided, one to the right of the Servers resource list, and one to the right of the Clients resource list, similar to that shown in Figure 203. For a VLAN or Source Port policy: The Edit button appears at the bottom of the Policy Traffic area, below the Resource list. a Click the appropriate Edit... button to display the Edit Policy Endpoints window, as shown in Figure 205 and Figure 206. For a more detailed explanation of this window, see “Edit Policy Endpoints Window” on page 423. Figure 205: Edit Policy Endpoints window for the resources of Security policy 418 EPICenter Software Installation and User Guide Creating a New Policy Figure 206: Edit Policy Endpoints window for the Users side of an Access-based Security policy The left panels of this window, Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet. You can specify endpoints using any of the available high-level resources: users, hosts, devices, VLANs, or groups of these resources. The types you select will depend on the type of policy you are creating. When you select a group in the component tree, its children (groups or individual resources) are displayed in the associated Resource list (the right half of the Select Endpoints to be Added area). Individual resources are displayed only if they are of types that can be used as endpoints for the policy type you have selected. The area on the right of the window Current Policy Endpoints, shows the resources that are already selected as endpoints. • Use the Add button to add selected resources to the Current Policy Endpoints list. • Use the Add All button to add all the children of the group you have selected in the component tree. • Use the Remove button to remove selected resources from the Current Policy Endpoints list. • Use the Remove All button to remove all resources from the Current Policy Endpoints list. For an IP policy and for the Network Resources side of an Access-based Security policy: There are two additional ways to create endpoints: • Select Add IP Addr to specify an IP address directly. (This button will not appear if you are creating VLAN or Source Port endpoints.) A small pop-up window appears, in which you can enter an IP address and subnet mask into the fields provided. A subnet mask of 32 indicates a host. • Select Add Wildcard to add the endpoint specification “Any” to the Current Policy Endpoints list. This indicates that any IP address will be accepted as a match for this policy endpoint. (This button does not appear if you are creating VLAN or Source Port endpoints.) b Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area. c Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy Endpoints list. 8 For a VLAN or Source Port policy: Your next step is to define the Policy Scope. Skip to Step 11 on page 421 for instructions on specifying a scope for your policy. EPICenter Software Installation and User Guide 419 Using the Policy Manager 9 Traffic direction for a Security or an IP policy: You must indicate whether this policy should affect traffic flowing only in one direction between the endpoints, or whether it should affect traffic in both directions. The directional selection buttons do not appear if you are creating VLAN or Source Port endpoints. Click the appropriate button to indicate the traffic flow directions to which this policy should be applied (for IP policies, substitute server for network resource and substitute client for user): • The top button (- - >) indicates that this policy should apply only to traffic flowing from the network resource (left-side) endpoints to the user (right-side) endpoints. The network resource endpoints will be considered the source, and the user endpoints will be considered the destination in the access list rules created from this policy. • The middle button (< - -) indicates that this policy should apply only to traffic flowing from the user (right-side) endpoints to the network resource (left-side) endpoints. The user endpoints will be considered the source, and the network resource endpoints will be considered the destination in the access list rules created from this policy. • The bottom button (< - - >) indicates that this policy should apply to all traffic flowing between the user (right-side) endpoints and the network resource (left-side) endpoints, in either direction. 10 Server service and L4 ports for a Security or an IP policy: You may indicate a protocol service and L4 (layer 4) ports that should be used as a filter when looking for traffic that matches the access list criteria. You can specify this information by selecting a protocol and entering the L4 port numbers, or you can select a predefined service or application that the policy server can translate to a protocol and one or more L4 ports or you can use a group of the Custom Applications type. When using the latter, you can group different types of ports as well as non-contiguous groups of ports. The default is “IP Any” which specifies layer 3 traffic. Specification of L4 ports for the client endpoints is optional. These fields do not appear if you are creating VLAN or Source Port policies. Figure 207 shows the portion of the Policy Definition window where you can make these selections. This illustration shows the minimum specification if you select a service that translates to a port (or set of ports) known to the EPICenter policy server. Figure 207: Service and port selection area for a Security or an IP policy—basic specification a To specify a service, select one from the drop-down list provided, as shown in Figure 208. 420 EPICenter Software Installation and User Guide Creating a New Policy Figure 208: Service selection for an IP policy From this list you can select from the standard TCP, UDP, IP services, from Custom Applications, or from specific named services (applications) that are known to the EPICenter policy server. In the list shown in Figure 208, Baan is an example of such a service, and has been preconfigured with a protocol and L4 port. If you select an application, the policy server will determine the L4 port from its pre-configured value in the EPICenter database. The settings “Deny TCP SYN packets” and “Deny TCP SYN packets Any” are the same as the ExtremeWare settings called “TCP permit established.” These settings specify that all new TCP connections (as indicated by the presence of a Sync request) from the client endpoints to the server will be denied (existing TCP sessions will continue). When you select either of the “Deny TCP SYN packet” settings, the traffic direction is automatically set from client to server. NOTE When you select either of the Deny TCP SYN packets services, the QoS profiles for all devices in your policy scope are automatically set to “blackhole” to accomplish the denial of new TCP traffic. b To specify an L4 port or port range, enter a port number in the L4 Port Range field. Enter a single port number, or a port range in the form <first_port>-<last_port>. The L4 Port Range field appears only if you select a service that requires a port specification. These selections are: • Specify TCP port range • Specify UDP port range • Deny TCP SYN packets The other selections either indicate any port (TCP Any, UDP Any, IP Any, Deny any TCP SYN packets) or translate directly to an L4 port. c If you want to specify an L4 port for the client or user endpoints, click the Specify client L4 port or the Specify user L4 port check box to display the client service selection fields. The drop-down list of services is limited to the ability to specify TCP or UDP Any, or a TCP or UDP port range. 11 The last step is to define the access domain for a Security policy or scope for an IP policy—the devices on which the access list rules should be implemented, along with the QoS profile that should be associated with these rules. EPICenter Software Installation and User Guide 421 Using the Policy Manager Figure 209: Policy Access Domain display The Policy Access Domain (Scope for IP policies) display includes: • Each resource (device, or group that contains devices or ports) included in the scope • The type of each resource (Device or Group) • The QoS profile that will apply to the resource — to the individual device or to all the devices in the group if the resource is a Group • An optional comment you can enter when you select the QoS profile for the resource The order in which the resources are displayed in the Policy Access Domain or Scope Resource list determines their precedence. Precedence is significant when an individual device appears more than once in the list (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences is in conflict. a To add a resource to the list (or to modify the list) click the Edit... button. The Edit Policy Access Domain/Policy Scope Window is displayed, as shown in Figure 210. Figure 210: Edit Policy Access Domain window This window is similar to the Edit Policy Endpoints window described previously. 422 EPICenter Software Installation and User Guide Edit Policy Endpoints Window The left side of this window Select Policy Access Domain Devices to be Added, displays a component tree showing the resources currently defined in the Grouping applet. When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to be Added area). You can select groups or devices as access domain resources. If you select a group that does not contain any devices as children, the group is added as an access domain resource, but will not actually have any effect on the policy access domain. The area on the right of the window (Current Policy Access Domain Devices) shows the resources you have already selected to include in the access domain for your policy. • Use the Add button to add selected resources to the Current Policy Access Domain Devices list. • Use the Add All button to add all the children of the group you have selected in the component tree. • Use the Remove button to remove selected resources from the Current Policy Access Domain Devices list. • Use the Remove All button to remove all resources from the Current Policy Access Domain Devices list. • You can select the Security QoS Profile that should be configured on the device for this policy by selecting a resource in the Current Policy Access Domain Devices list, and then selecting a profile from the drop-down list associated with that resource. • Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Access List (Policy Traffic for IP policies) area. • Cancel closes the Edit window and abandons any changes you’ve made to the Current Policy Endpoints list. b Use the Up and Down buttons to change the precedence of the entries in the list. • Select an entry and click the Up button to move it up in the list (giving it higher precedence). • Select an entry and click the Down button to move it down in the list (giving it lower precedence). 12 To save your new policy definition, click the Save button. If you attempt to leave the policy definition page without saving your new policy definition, a small Confirm Save Policy Changes pop-up appears, asking if you want to save the changes (your new policy). • Click the Yes button to save the policy. • Click No to abandon the policy • Click Cancel to return to the Policy Definition page of the policy you were creating. NOTE If auto-configuration is enabled, this policy will be configured immediately on the network. This could cause network problems if policy precedence relationships are not set correctly. Edit Policy Endpoints Window The Edit Policy Endpoints window, as shown in Figure 211, looks basically the same regardless of the type of policy you are creating. The exception is the Add IP Addr and Add Any buttons that appear only for a Security or an IP Policy endpoint. Note that these extra buttons only appear for the Network EPICenter Software Installation and User Guide 423 Using the Policy Manager Resources (left-hand) side for Security policies. If you are creating a VLAN or Source Physical Port policy, these two buttons will not be present. Figure 211: Edit Policy Endpoints window for a Security policy The left side of this window (see Figure 211) Select Endpoints to be Added, displays the component tree showing the resources currently defined in the Grouping applet. You can specify endpoints using any of the available high-level resources: Users, hosts, custom applications, devices, VLANs, or groups of these resources. The types you can select will depend on the type of policy you are creating. The area on the right of the window (see Figure 211) Current Policy Endpoints, shows the resources that are already selected as endpoints. When you select a group in the component tree, its children (groups or individual resources) are displayed in the associated Resource list (the right half of the Select Endpoints to be Added area). Individual resources are displayed only if they are of types that can be used as endpoints for the policy type you have selected. For example, if you are creating a VLAN policy, the Select Endpoints to be Added list will only display groups and VLAN resources. • Select one or more individual resources or groups from the Resources list, and click the Add button to add them to the Current Policy Endpoints list. • Click the Add All button in the component tree. to add all the resource children of the group you have selected • To remove resources from the Current Policy Endpoints list, select one or more resources and click the Remove button • To remove all resources from the Current Policy Endpoints list, click the Remove All button 424 . . EPICenter Software Installation and User Guide Edit Policy Access Domain/Policy Scope Window For an IP or Security policy: There are two additional ways to create endpoints for an IP or Security policy: • Select Add IP Addr to specify an IP address directly. (This button will not appear if you are creating User-side Security, VLAN or Source Port endpoints.) A small pop-up window appears, as shown in Figure 212. Figure 212: Add an IP address as an endpoint for an IP policy a Enter an IP address and subnet mask into the fields provided. The subnet mask is used to set parts of the IP address to zero. A subnet mask of 32 indicates a host (all 32 bits of the address are used). A subnet mask of 24 is typically used to indicate a subnet address, and sets the last (right-most) address component (the least significant eight bits) to zero, leaving the other 24 bits as is. You can enter any number of bits as the subnet mask. b Click OK to add it to the Current Policy Endpoints list. • Select Add Wildcard to add the endpoint specification “Any” to the Current Policy Endpoints list. This indicates that any IP address will be accepted as a match for this policy endpoint. (This button does not appear if you are creating User-side Security, VLAN or Source Port endpoints.) NOTE You cannot have both the wildcard endpoint specification and individual endpoint specifications in the Current Policy Endpoints list, as individual endpoints are redundant with the “Any” specification. If you specify Add Wildcard when there are other endpoints in the list, the Policy Manager will display a warning, and will remove the other endpoints if you elect to continue. Further, if you attempt to add an individual endpoint specification when the Current Policy Endpoint specification is “Any,” the Policy Manager will display a warning, and remove the wildcard specification if you elect to continue. • When you have finished adding resources to the Current Policy Endpoints list, click the OK button at the bottom of the window. This closes the Edit window and displays the contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area. Click Cancel to close the Edit window and abandon any changes you’ve made to the Current Policy Endpoints list. Edit Policy Access Domain/Policy Scope Window The Edit Policy Access Domain (shown in Figure 210) and Edit Policy Scope windows (shown in Figure 213), are very similar to the Edit Policy Endpoints Window. EPICenter Software Installation and User Guide 425 Using the Policy Manager Figure 213: Edit Policy Scope window The left side of this window Select Policy Access Domain Devices to be Added, or Select Policy Scope Devices to be Added displays a component tree showing the resources currently defined in the Grouping applet. When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Policy Access Domain Devices to be Added or Select Policy Scope Devices to be Added area). You can select groups or devices as scope resources. If you select a group that does not contain any devices as children, the group is added as an access domain resource, but will not actually have any effect on the policy access domain. The area on the right of the window Current Policy Access Domain Devices, shows the resources you have already selected to include in the access domain for your policy. 1 Add or remove resources from the Current Policy Access Domain Devices list: • Select one or more individual resources or groups from the Devices list, and click the Add button to add them to the Current Access Domain Devices list. • Click the Add All button to add all the resource children of the group you have selected in the component tree. • To remove selected resources from the Current Domain Devices list, select the resources and click the Remove button • To remove all resources from the Current Policy Domain Devices list, click the Remove All button . . 2 In addition to selecting resources, you can select the QoS Profile that should be configured on the device for this policy. a Select a resource in the Current Policy Access Domain Devices list. 426 EPICenter Software Installation and User Guide Modifying Policies b Click the entry in the QoS Profile column for the selected resource, or in the QoS Profile field below the list. In either case, a drop-down list of the available QoS profiles is displayed, from which you can select the profile you want to associate with this policy. c To enter a comment about this resource, enter it in the Comment field below the resource list. NOTE For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4) are supported. If you select a profile that is not supported on the device you are configuring, your selection will be ignored. 3 When you have finished adding resources to the Current Policy Access Domain Resources list, click the OK button at the bottom of the window. This closes the Edit window and displays the contents of the Current Policy Scope Resources list in the appropriate resource list in the Policy Traffic area. Click Cancel to close the Edit window and abandon any changes you have made to the Current Policy Scope Resources list. Modifying Policies To modify a network policy, you follow the same steps you use to create a policy, but you start with the settings of the current policy. You can change any of the policy settings, including the policy name and policy type. To modify a policy, follow these steps: 1 Click the Policies radio button just above the component tree to display a summary of the policies currently known to the Policy Manager. 2 Select the policy you want to modify either in the component tree or from the list of policies. This displays the Policy Description page for the selected policy, as shown in Figure 214. EPICenter Software Installation and User Guide 427 Using the Policy Manager Figure 214: Policy Definition page for an existing source port policy 3 To change the policy name, type the new name in the Name field. 4 To enable or disable the policy, click the Enabled checkbox to add or remove the check mark. The presence of the check indicates that the policy is in the enabled state. 5 To enter or change the description for this policy, just type the new text into the Description field. 6 To change the policy type, click the appropriate Policy Type selector. NOTE If you change the policy type, the contents of the Policy Traffic fields will change. The current entries in the traffic resource list(s) are removed, although they will still appear in the Current Policy Endpoints list in the Edit Policy Endpoints window. However, if they are not valid endpoint types for the new policy type, they will not be added to the endpoint resource lists, and you will need to select new endpoints for your policy. 7 To modify the list of endpoints for any of the policy types, click the Edit... button that appears either to the right or below the list of endpoint resources. This displays the Edit Policy Endpoints Window discussed in detail on page 423. • Add resources to or remove them from the Current Policy Endpoints list. See “Edit Policy Endpoints Window” on page 423 for more detailed information about this window. • Click the OK button to closes the Edit window and displays the modified contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area. • Click Cancel to close the Edit window and abandon any changes you have made to the Current Policy Endpoints list. 428 EPICenter Software Installation and User Guide Deleting a Policy 8 To modify the access domain or policy scope click the Edit... button to the right of the Policy Scope resource list. The Edit Policy Access Domain/Policy Scope Window is displayed. This window is discussed in detail in “Edit Policy Endpoints Window” on page 423. The left side of this window (Select Network Resource Endpoint(s) to be Added) displays the resources currently defined in the Grouping applet. • Add resources to or remove them from the Current Policy Scope Resources List. See “Edit Policy Access Domain/Policy Scope Window” on page 425 for more information. • Modify the QoS Profile that should be configured on the device for this policy by selecting a resource in the Current Policy Scope Resources list, and then selecting a profile from the drop-down list associated with that resource. • Click OK to close the Edit window and display the contents of the Current Policy Endpoints list in the appropriate resource list in the Policy Traffic area. • Cancel closes the Edit window and abandons any changes you have made to the Current Policy Endpoints list. • To change the precedence of an entry in the Policy Scope resources list, select the entry and use the Up or Down buttons to move it in the list. Moving it up will give it higher precedence; moving it lower will reduce its precedence. The order in which the resources are displayed in the Policy Scope Resource list determines their precedence. If individual device appears more than once in the list (as a member of multiple groups, for example) and the QoS profile setting of each of those occurrences is in conflict, the first occurrence of the device in the list will determine which profile will be used. 9 To save your modified policy definition, click the Save button. If you attempt to leave the policy definition page without saving your changed, a small Confirm Save Policy Changes pop-up appears, asking if you want to save the changes. • Click Yes to save your changes. • Click No to abandon your changes. • Click Cancel to return to the Policy Definition page of the policy you were modifying. Deleting a Policy Use the Delete policy button to delete the currently selected policy. A pop-up window appears asking for confirmation of the deletion. Click Yes to proceed with the deletion, or No to cancel the operation. Resetting a Policy Use the Reset policy button to undo the changes you have made to a policy definition at any time before you save it. The reset operation returns the settings of the policy to the last saved settings for the policy. In the case of a new policy, it will remove all policy settings. EPICenter Software Installation and User Guide 429 Using the Policy Manager Configuring Policy Precedence To configure the precedence settings of your policies, click the Order Policy Precedence button as shown in Figure 215. to display the Order Policy Precedence window Figure 215: Order Policy Precedence window Policies are displayed in the Configure Policy Precedence window in their current precedence order, from highest at the top to lowest at the bottom. The top entry in the list has the highest priority, the last entry has the lowest priority. In the case where multiple policies could apply to the same traffic flow, the policy with higher priority is used by the switch over policies of lower priority. The policy precedence defined in this window only controls the relationships between policies of the same type. Policies of different types have a predefined precedence relationship: Security and IP QoS policies are the highest priority, Source Port QoS policies are second, and VLAN QoS policies have the lowest priority. For Security and IP policies, the precedence can be manipulated between the two types since they are of similar type in this respect. For VLAN and source port policies, you can only manipulate its precedence relative to other policies of the same type. If all other precedence variables are equal, and you do not change the precedence order explicitly, then precedence is determined by the time of creation, with the policy created last having the lowest precedence, and will appear at the bottom of the list. • To change the precedence of a policy, select the policy, and click the appropriate Up or Down arrow button to move the policy higher or lower in the list. Move a policy up in the list to give it priority over the policies below it in the list. Move it lower in the to reduce its priority relative to other policies. • Clicking Cancel at any time prior to clicking OK will restore the precedence settings to those currently in effect relative to the selected policy. • Click the OK button to save the changes for the affected policies. 430 EPICenter Software Installation and User Guide Viewing and Modifying QoS Profiles Viewing and Modifying QoS Profiles QoS profiles cannot be added, deleted, or renamed. You can change the priority and bandwidths of each of the eight profiles, QP1 through QP8, and configure your modified profiles on a selected set of devices, or on individual ports on a device. You cannot change the settings of the “blackhole” profile, which is set to priority “deny” and does not use the minimum or maximum bandwidth settings. To view or change the current QoS profile definitions in the Policy System, click the Configure QoS profiles button Profiles window (see Figure 216). . This displays the Configure QoS The Configure QoS Profiles window is similar to the Edit Policy Endpoints window shown in Figure 205 and discussed in detail on page 418. Figure 216: Configure QoS Profiles window To modify the settings or device scope of a QoS profile, follow these steps: 1 Select the profile you want to modify from the drop-down menu. The default definitions for the eight QoS profiles you can configure are shown in Table 12. Table 12: Default QoS Profile Settings QoS Treatment Name Priority Min Bandwidth Max Bandwidth QP1 low 0 100% QP2 lowHi 0% 100% QP3 normal 0% 100% QP4 normalHi 0% 100% QP5 medium 0% 100% EPICenter Software Installation and User Guide 431 Using the Policy Manager Table 12: Default QoS Profile Settings (continued) QoS Treatment Name Priority Min Bandwidth Max Bandwidth QP6 mediumHi 0% 100% QP7 high 0% 100% QP8 highHi 0% 100% NOTE For devices running older versions of ExtremeWare (prior to 6.x) only four QoS profiles (QP1-QP4) are supported. Their priorities are low, normal, medium, and high. If you select a profile that is not supported on the device you are configuring, the profile will not be configured on the device. 2 To change the minimum bandwidth for the profile, type a value into the Min Bandwidth field. The value must be between 0 and 89, and less than or equal to the value you plan to use for maximum bandwidth. NOTE The sum of all minimum bandwidth cannot be greater than 90%. 3 To change the maximum bandwidth for the profile, type a value into the Max Bandwidth field. The value must be between 0 and 100, and greater than or equal to the minimum bandwidth specified in the previous field. 4 To change the priority, select one of the eight priorities (low, lowHi, normal, nornalHi, medium, mediumHi, high, highHi, or deny) from the drop-down menu in the Priority field. 5 To specify the devices or ports on which this modified profile should be configured, select devices or groups from the Select Resources to be Added part of the window, and move them to the Resource Results list. The Select Resources to be Added part of the window shows the resources currently defined in the Grouping applet. When you select a group in the component tree, its children (groups or individual devices) are displayed in the associated Resource list (the right half of the Select Resources to be Added area). You can select groups, individual devices, or individual ports as resources on which the QoS profile should be configured. If you select a group that does not contain any devices as children, the group is added to the Resource Results list, but will not affect the QoS profile configuration. • Select one or more individual resources or groups from the Select Resources to be Added list, and click the Add button to add them to the Resource Results list. • Click the Add All button to add all the resource children of the group you have selected in the component tree. • To remove resources from the Resource Results list, select one or more resources and click the Remove button. • To remove all resources from the Resource Results list, click the Remove All button. To view the QoS profiles currently configured on a device, use the ACL Viewer, select a device in the component tree, and then select the QoS Profile tab to view the current device configuration. 432 EPICenter Software Installation and User Guide Configuring QoS Policies Configuring QoS Policies There are several ways to configure your enabled policies onto the affected devices: • Auto Configuration: You can have the EPICenter server make configuration changes on the affected devices any time it detects a change. • Directed Configuration: You explicitly direct that configuration changes should be made by invoking the configuration function. You can direct a configuration operation for an individual device or for all devices. Policies that are not enabled are not configured on any devices through either of these methods. Auto Configuration If auto configuration is enabled , any changes you make within the EPICenter software may trigger an immediate recomputation and reconfiguration of the QoS policies on your network. When auto-configuration is enabled, a policy reconfiguration may be triggered by any of the following events: • Changes to group memberships made through the Grouping Manager or Inventory Manager that affect a group used to define a policy endpoint or policy scope • Network login/802.1x user login/logout • Changes made through the ExtremeWare CLI or ExtremeWare Vista on a device managed by the EPICenter server • A user login or end station reboot when DLCS is enabled • Saving a change to a policy within the Policy Manager The status icon displayed in the upper right corner of the Policy Manager indicates that the configuration is occurring (see “Configuration Status” for details). If auto configuration is disabled , you must explicitly perform the configuration process. In this mode, policies can be created or modified and saved, but they are not configured on the network until a directed configuration (Config or Config All) is done. NOTE It is strongly recommended that you disable auto configuration while editing multiple policy definitions or changing the precedence of policies, especially if they involve the “blackhole” profile (deny access). With auto configuration enabled, each change is configured on the network immediately as the individual policy is changed, possibly before the appropriate precedence relationships have been established. This could cause serious network connectivity problems. After all changes have been made, you can re-enable auto configuration so that all configuration changes will be made only after the correct precedence relationships have been established. Configuration Status When an automatic configuration operation occurs the configuration status icon, shown at the upper right corner of the Policy Manager, displays an animated status indication of the progress of the configuration. • First, the Policy Manager must compute the access list and QoS rules based on your policy definitions. This is indicated by an animated display of the following graphic: EPICenter Software Installation and User Guide 433 Using the Policy Manager • Second, the Policy Manager applies the computed policies to the device (those policies that are valid, and not in conflict with any other policies). This is indicated with another animated display: When the configuration is complete, the icon returns to its quiescent state. You can use the ACL Viewer to view the results of the policy configuration. Directed Configuration You can configure policies on a selected device or group of devices, or on all devices known to the EPICenter server in one operation. • From the ACL Viewer, you can configure policies on selected devices. Select the device or group in the component tree, and click the Config button. • To configure all policies on all devices at once, click the Cfg All button either the Policies View or from the ACL Viewer. . . You can do this from In either case, a pop-up window appears asking for confirmation of the configuration. Click Yes to proceed with the configuration, or No to cancel the operation. A message window (shown in Figure 217) pops up to show you the progress of the configuration. Figure 217: Message window showing policy configuration progress Devices are listed followed by a small purple rotating clock icon in progress. while the configuration function is • When a configuration has been successful, the clock turns into a green checkbox • If the configuration fails, the clock turns into a red X . and the device name is displayed in red. The indicators just below the tree area of the window show the number of devices currently in each state. To see the messages related to the configuration function (either successful or unsuccessful), select a device in the list. The messages related to the device are displayed as lines under the device node. 434 EPICenter Software Installation and User Guide Configuring QoS Policies • Click the plus sign at the left of the device name to display server messages related to configuring the device. • Click the minus sign at the left of the device to hide the server messages. • The up and down arrow buttons let you move up and down the device tree, displaying the server messages associated with each device. • If you check the Errors Only box, the up and down arrow buttons will expand only devices that had errors. • The Collapse All button collapses all the device nodes, hiding all the server messages. EPICenter Software Installation and User Guide 435 Using the Policy Manager 436 EPICenter Software Installation and User Guide 20 The ACL Viewer This chapter describes how to use the EPICenter Policy Manager for: • Viewing the policy configurations currently configured on Extreme devices • Viewing the policy configurations specified for a device through the EPICenter Policy Manager • Comparing policy configurations specified within the EPICenter Policy Manager with the policies currently configured on a device • Setting up IP policies on Cisco devices managed by the EPICenter server The ACL Viewer lets you view information about the policies you’ve specified for the devices in your network: • The traffic patterns computed from the policies you have defined. • The actual access list or QoS rules generated by the EPICenter Policy Manager, based on the policies you have defined. It also shows the rules currently configured on a selected device, and lets you compare the actual rules with the rules generated by the Policy Manager based on your policy definitions. Rules for Access-based Security policies will normally only be displayed while the users are logged into the network. • The QoS Profile settings for the devices managed by the EPICenter server. The ACL Viewer shows information about the policies you’ve defined, even if they have not been configured on the network. Thus, you can use the ACL Viewer to preview the rules you’ve specified before they take effect on your network. The ACL Viewer organizes information by device scope—information related to a policy is presented relative to the currently-selected resource (device or group). To invoke the Policy Manager, click the Policy button in the Navigation Toolbar. When the Policy Manager applet first appears, the Policies View is selected. To view the access list and QoS rules currently defined for devices managed by the EPICenter Policy Manager, click the ACL Viewer radio button just above the component tree. The ACL Viewer also displays Network Login/802.1x activity for a specific device, slot, or port. The ACL Viewer displays the Access List summary view for the top level of the component tree (the Groups node) as shown in Figure 218. The Access List summary view provides an overview of the IP policies defined in the Policy Manager, as related to their scope definitions. EPICenter Software Installation and User Guide 437 The ACL Viewer Figure 218: Top-level Access List view in the ACL Viewer From either the Policies View or ACL Viewer, you can modify the QoS profiles, change policy precedence, and configure the currently-enabled policies on one or more devices. ACL Viewer Summary Displays When the Groups node is displayed in the ACL Viewer, you can view a summary of the rules created for Access Lists, VLAN QoS, and Source Port QoS. The format of each of these displays is the same, and is organized by policy scope—one entry for each policy and scope resource (device or group). If a policy has multiple scope resources, each has a separate entry. For example, in Figure 218, the policy ip1 is scoped on two individual devices, so there are two entries in the list for that policy. Each entry in the summary display shows the following: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order. • Policy is the name of the policy. • Scope shows the scope resource (device or group) and its associated QoS profile. • Enabled indicates whether the policy is enabled for this policy scope. A green check ( ) indicates that the policy is enabled. A red X ( ) indicates that the policy is not enabled. A policy that is not enabled will not be configured on the devices within the scope, either automatically or when you start a configuration manually. The Access List display shows IP and Security policies only. If the Security policy allows the system to dynamically determine the IP at network login, then those policies will only appear while the user is 438 EPICenter Software Installation and User Guide Access List Display logged into the network. The VLAN QoS page display shows VLAN policies, and the Source Port QoS page shows Source Port policies. Access List Display You can use the Access List display to view traffic patterns and access list rules generated by your EPICenter IP policies and active Security policies. At the group level, you can view the traffic patterns generated by all the IP and Security policies that include a selected group in the policy scope or domain. At the individual device level, you can view all the access rules generated by EPICenter policies for an Extreme i-series device or a Cisco device, as well as the policies actually configured on the device. Most Security policies are shown only while the user is actively connected to the network. NOTE IP policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or 6.0.x or later. Non-i-series devices only support IP policies if they run ExtremeWare 5.0x. (All Extreme Networks devices support VLAN QoS.) IP policies are also supported on Cisco devices. • To display the traffic patterns generated by the IP and Security policies that include the group in the policy scope, select a group in the component tree. The Access List page shows all the traffic patterns generated by any IP and Security policies that have the selected group in its scope (see Figure 219). Figure 219: Traffic patterns generated from IP policies for scoped devices EPICenter Software Installation and User Guide 439 The ACL Viewer The display includes the following information: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order. • Policy displays the name of the policy. • Protocol indicates the protocol specified for the traffic (UPD, TCP, etc. in the example). • Dest IP is the destination IP address, derived from one of the host specifications. • Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Src IP is the source IP address, derived from one of the host specifications. • Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Profile is the QoS profile that applies to this traffic flow. • Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern. If a rule is a duplicate, only one of the duplicate rules is used to configure the device. The rule used is based on the precedence of the duplicate rules. To view the access list rules related to a specific device, select the device. If the device supports IP and Security policies (Extreme devices running 5.0x, 6.1 or later, or Cisco devices), the Access List page displays a comparison of the “ideal” access list rules (rules generated by the EPICenter Policy Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 220. Figure 220: AccessList display showing rules for an i-series device The View field at the top of the display lets you select how you want to view the device rules. You can view the Access List rules in three ways: • Select Compare policy and configured rules from the drop-down list to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 220). 440 EPICenter Software Installation and User Guide Access List Display • Select View policy rules from the drop-down list to display the EPICenter rules only. • Select View configured rules from the drop-down list to display the configured rules only. Policy Rule Comparison The policy rule comparison display shows both the ideal rules, as generated by the EPICenter Policy Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown in the right half of the table. The rows in the comparison display are displayed in colors that indicate the status of the rule: • Green indicates that the rule is a valid rule (is not in conflict with a rule already on the device), but that it has not been configured on the device. Only the Ideal side of the table is filled in for these rules. • White indicates that the rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in. • Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in. • Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter Policy Manager. Only the Configured side of the table is filled in for these rules. The columns in the display show information as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header sorts the policies in precedence order. • Policy displays the name of the policy. • Ideal Traffic is a policy traffic definition specified for this policy. The summary in this field includes the protocol, the In Ports, the destination IP address and ports, and the source IP address and ports. • Ideal Profile is the QoS profile specified in the Policy Manager for this traffic flow. • Ideal Rule Precedence is the precedence specified for the rule by the Policy Manager. • Config Rule displays the name of the rule on the device (as specified either through the Policy Manager or through the ExtremeWare CLI). • Config Traffic is the traffic definition to which this rule applies. The summary in this field includes the protocol, the ingress ports (In Ports) on the switch, the destination IP address and ports, and the source IP address and ports. • Config Profile is the QoS profile applied to this traffic flow. • Owner indicates how the rule was generated. If the rule was configured by the Policy manager, the owner will be EPICenter. If the rule was configured through the ExtremeWare CLI or through ExtremeWare Vista, then no owner name is set. • Config Rule Precedence is the precedence specified for the rule, either by the Policy Manager or through the ExtremeWare CLI. EPICenter Software Installation and User Guide 441 The ACL Viewer View Policy Rules The Policy Rules display shows details of the ideal rules, as generated by the EPICenter Policy Manager. The information in this display is as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header sorts the policies in policy precedence order. • Policy displays the name of the policy. • Protocol indicates the protocol specified for the traffic (UPD, TCP, etc. in the example). • In Ports shows the switch ingress ports specified for this rule on this device. • Dest IP is the destination IP address, derived from one of the host specifications. • Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Src IP is the source IP address, derived from one of the host specifications. • Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Rule Precedence is the precedence value assigned to the rule by the Policy Manager. • Profile is the QoS profile specified for this traffic flow by this policy. • To be used indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are: — Yes, the rule can be used. — No (duplicated) indicating that the rule duplicates another rule. — No (disabled) indicating that the policy is disabled. View Configured Rules The Configured Rules display shows details of the rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows: • Rule displays the name of the rule. • Protocol indicates the protocol specified for the traffic. • In Ports shows the switch ingress ports specified for this rule on this device. • Dest IP is the traffic destination IP address. • Dest L4 Port is the L4 port associated with the destination IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Src IP is the traffic source IP address. • Src L4 Port is the L4 port associated with the source IP address, if a port has been specified. An asterisk indicates the specification “Any.” • Rule Precedence is the precedence value assigned to the rule. • Profile is the QoS profile that applies to this traffic flow. • Owner indicates how the rule was generated. If the rule was configured by the Policy Manager, the owner will be EPICenter. 442 EPICenter Software Installation and User Guide VLAN QoS Display VLAN QoS Display You can use the VLAN QoS display to view traffic patterns and access list rules generated by your EPICenter VLAN QoS policies. At the group level, you can view the traffic patterns generated by all the VLAN QoS policies that include a selected group in the policy scope. At the individual device level, you can view all the VLAN QoS rules generated by VLAN QoS policies for Extreme devices, as well as the policies actually configured on the device. VLAN QoS is supported on both i-series and non-i-series devices. • To display the traffic patterns generated by the VLAN QoS policies that include the group in the policy scope, select a group in the component tree. The VLAN QoS page shows all the traffic patterns generated by any VLAN QoS policies that have the selected group in its scope (see Figure 221). Figure 221: Traffic patterns generated from VLAN QoS policies for scoped devices The display includes the following information: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in precedence order. • Policy displays the name of the policy. • VLAN is the VLAN for which this policy is specified. • Profile is the QoS profile that applies to this VLAN. • Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern. To view the VLAN QoS rules related to a device, select the individual device. The VLAN QoS page displays a comparison of the “ideal” VLAN QoS rules (rules generated by the EPICenter Policy EPICenter Software Installation and User Guide 443 The ACL Viewer Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 222. Figure 222: VLAN QoS display showing ideal and configured rules for a device The View field at the top of the display lets you select how you want to view the device rules. You can view the Access List rules in three ways: • Select Compare policy and configured rules from the drop-down list to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 220). • Select View policy rules from the drop-down list to display the EPICenter rules only. • Select View configured rules from the drop-down list to display the configured rules only. Policy Rule Comparison The VLAN QoS policy rule comparison display shows both the ideal rules, as generated by the EPICenter Policy Manager (shown in the left half of the table) and the configured rules as they exist on the device, shown in the right half of the table. The rows in the comparison display are displayed in colors that indicate the status of the rule: • White indicates that the rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in. 444 EPICenter Software Installation and User Guide Source Port QoS Display • Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the treatment specified (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in. • Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter Policy Manager. Only the Configured side of the table is filled in for these rules. The columns in the display show information as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order. • Policy displays the name of the policy. • Ideal Rule VLAN is the VLAN specified by this policy. • Ideal Rule Profile the QoS profile specified for this traffic flow by this policy. • Config Rule VLAN is the VLAN to which the QoS rule applies. • Config Rule Profile is the QoS profile that applies to this VLAN. View Policy Rules The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the EPICenter Policy Manager. The information in this display is as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order. • Policy displays the name of the policy. • VLAN is the VLAN specified by this policy. • Profile is the QoS profile that is specified for this VLAN by this policy. • To be used indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are: — Yes, the rule can be used. — No (duplicated) indicating that the rule duplicates another rule. — No (disabled) indicating that the policy is disabled. • View Configured Rules The Configured Rules display shows details of the VLAN QoS rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows: • VLAN specifies the VLAN to which the VLAN QoS rule applies. • Profile is the QoS profile that applies to this traffic flow. Source Port QoS Display You can use the Source Port QoS display to view traffic patterns and Access List rules generated by your EPICenter Source Port QoS policies. At the group level, you can view the traffic patterns generated by all the Source Port QoS policies that include the selected group in the policy scope. At the individual device level, you can view all the Source Port QoS rules generated by EPICenter policies for an Extreme i-series device, as well as the policies actually configured on the device. EPICenter Software Installation and User Guide 445 The ACL Viewer NOTE Source Port QoS policies can only be configured on Extreme Networks devices running ExtremeWare versions 5.0x or 6.x or later. Non-i-series devices only support Source Port QoS if they run ExtremeWare 5.0x. • To display the traffic patterns generated by the Source Port QoS policies that include the group in the policy scope, select a group in the component tree. The Source Port QoS page shows all the traffic patterns generated by any Source Port QoS policies that have the selected group in its scope (see Figure 221). Figure 223: Traffic patterns generated from Source Port QoS policies for scoped devices The display includes the following information: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order. • Policy displays the name of the policy. • Source Port is the device and port for which this policy is specified. • Profile is the QoS profile that applies to this VLAN. • Status indicates whether the traffic pattern is unique or if it duplicates another traffic pattern. Each port is listed separately in the table, as a rule is generated for each port specified by the policy, even if they are specified in a single policy definition in the Policy Manager. 446 EPICenter Software Installation and User Guide Source Port QoS Display To view the Source Port QoS rules related to a device, select the device. The Source Port QoS page displays a comparison of the “ideal” Source Port QoS rules (rules generated by the EPICenter Policy Manager based on your policy definitions) and the rules actually configured on the device, as shown in Figure 222. Figure 224: Source Port QoS display showing ideal and configured rules for a device The View field at the top of the display lets you select how you want to view the device rules. You can view the access list rules in three ways: • Select Compare policy and configured rules from the drop-down list to compare the EPICenter-generated rules with the rules configured on the device (as shown in Figure 220). • Select View policy rules from the drop-down list to display the EPICenter rules only. • Select View configured rules from the drop-down list to display the configured rules only. Policy Rule Comparison The Source Port QoS policy rule comparison display shows both the Ideal rules, as generated by the EPICenter Policy Manager (shown in the left half of the table) and the Configured Rules as they exist on the device, shown in the right half of the table. The rows in the comparison display are displayed in colors that indicate the status of the rule: • Green indicates that the rule is a valid rule (is not in conflict with a rule already on the device), but that it has not been configured on the device. Only the Ideal side of the table is filled in for these rules. EPICenter Software Installation and User Guide 447 The ACL Viewer • White indicates that the rule is valid, and has been configured on the device. Both the Ideal and Configured sides of the table are filled in. • Yellow indicates that the EPICenter-generated “ideal” rule conflicts with a rule already configured on the device. Two rules conflict when the traffic patterns for the rule are the same but the specified treatment (the QoS profile) is different. Both the Ideal and Configured sides of the table are filled in. • Blue indicates that the rule is configured on the device, but it was not generated by the EPICenter Policy Manager. Only the Configured side of the table is filled in for these rules. The columns in the display show information as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order. • Policy displays the name of the policy. • Ideal Source Port displays the name of the device and the port specified by this policy. • Ideal Profile indicates the QoS profile specified for port by this policy. • Config Source Port is the device and port to which the QoS rule applies. • Config Rule Profile is the QoS profile that applies to this port. View Policy Rules The Policy Rules display shows details of the Ideal Source Port QoS rules, as generated by the EPICenter Policy Manager. The information in this display is as follows: • ! (exclamation point) is an empty column used to invoke a sort by policy precedence. Clicking the column header will sort the policies in policy precedence order. • Policy displays the name of the policy. • Source Port is the device and port specified by this policy. • Profile is the QoS profile that is specified for this VLAN by this policy. • To be used indicates whether the rule is acceptable for configuration on the device (not in conflict with any other rules). Values for this column are: — Yes, the rule can be used. — No (duplicated) indicating that the rule duplicates another rule. — No (disabled) indicating that the policy is disabled. View Configured Rules The Configured Rules display shows details of the Source Port QoS rules that are actually configured on the device, either through the EPICenter Policy Manager or the ExtremeWare CLI. The information in this display is as follows: • Source Port specifies the device and port to which this treatment (QoS profile) applies. • Profile is the QoS profile that applies to this port. • Owner indicates how the rule was generated. If the rule was configured by the Policy Manager, the owner will be EPICenter. 448 EPICenter Software Installation and User Guide QoS Profile Display QoS Profile Display The QoS Profile display shows the QoS profiles defined for the selected device. For i-series devices, this displays the eight profiles (QP1 through QP8) and the “blackhole” profile. For non-i-series devices, it shows the four QoS profiles (QP1 through QP4) and the “blackhole” profile. For i-series devices, it also shows per-port QoS profile settings that are different from the QoS profile settings for the device as a whole. Figure 225 shows a QoS Profile display for an i-series device. Figure 225: QoS profile display for an i-series device The top table in the display, the Device profile settings, shows the QoS Profile settings configured for the device as a whole. The lower table, the Port exception QoS Profiles, appears only for i-series devices running ExtremeWare 6.2 or later, and shows the QoS settings for any ports that have had a QoS profile defined individually for the port. The information in the QoS Profile display is as follows: • Profile is the name of the profile. • Min BW is the minimum bandwidth setting. • Max BW is the maximum bandwidth setting. • Priority is the priority setting (low, lowHi, normal, nornalHi, medium, mediumHi, high, highHi, or deny) of the profile. • Policy shows the policies that use this profile on this device. EPICenter Software Installation and User Guide 449 The ACL Viewer The same columns are shown in the Port exception QoS Profiles table. NOTE For devices running versions of ExtremeWare prior to 6.x, only profiles QP1 through QP4 will be displayed. Network Login/802.1x Display The Network Login/802.1x display shows lists the Network Login/802.1x information about each user connected to the device. Figure 226 shows the Network Login/802.1x display. Figure 226: Network Login/802.1x display The information in the Network Login/802.1x display is as follows: • Port is the port on the device on which the user is logged in. • User Name is the name of the user. • IP Address is the IP address of the user’s host. • Login Type is the login type, either network login or 802.1x. • MAC Address is the MAC address of the user’s host. • VLAN is the VLAN to which the port belongs. The Network Login/802.1x display is updated each time a user logs in and out of the selected device. 450 EPICenter Software Installation and User Guide Cisco Device Policy Setup Cisco Device Policy Setup You can set up IP policies through the ACL Viewer for a Cisco device running Cisco IOS 11.2 or later. 1 Click the ACL Viewer radio button to display the ACL Viewer. 2 Select in the component tree the Cisco device that you want to configure. 3 Select the QoS Profile tab to display the QoS profile settings for the device. 4 Click the Cisco Policy Setup button that appears at the bottom of the QoS Profile page for a Cisco device. This displays the Cisco Device Policy Setup pop-up window. If you have not yet set the device up to be managed by EPICenter, the pop-up window appears as shown in Figure 227. Figure 227: Cisco Device Policy Setup window for an unmanaged Cisco device Cisco Policy Setup button Cisco Device Policy Setup window 5 To configure policy for the device through the EPICenter Policy Manager, the device must be managed by the EPICenter server. Click the Manage this device radio button to specify that you want to manage the device. This changes the Cisco Device Policy Setup window to display the device configuration settings, as shown in Figure 228. EPICenter Software Installation and User Guide 451 The ACL Viewer Figure 228: Setting up Cisco device policy The initial values displayed either read from the switch, or are default values determined by the EPICenter server. 6 To change the Starting Access List, Custom Queue List, or Priority Queue List, type or select a new value in the appropriate field. The values you can use for these are as follows: • Starting Access List: The EPICenter Policy Manager uses ten consecutive access lists to specify traffic on a Cisco device. You can specify the starting access list, and EPICenter will use that list plus the following five. For example, if you specify 100, then EPICenter will use access lists 100 through 109. You can specify a starting access list between 100 and 190. • Custom Queue List: You may specify a custom queue list for the EPICenter software to use to apply policies that do bandwidth control. You can select a custom queue list from 1 to 16 from the drop-down menu provided. The setting Don’t use indicates that no custom queue list is configured on the device. • Priority Queue List: You can specify a priority queue list for the EPICenter software to use to apply policies that do priority control. You can select a priority queue list from 1 to 16 from the drop-down menu provided. The setting Don’t use indicates that no priority queue list is configured on the device. 7 For each interface to which the EPICenter Policy Manager will apply policies, select the interface in the Interface list, and select a queueing strategy from the drop-down list in the Queueing Strategy field. • Select custom queuing to bind the custom queue you have selected to the interface, so the Policy Manager can do bandwidth control on this interface. • Select priority queueing to bind the priority queue you have selected to the interface, so the Policy Manager can do priority control on this interface. 452 EPICenter Software Installation and User Guide Cisco Device Policy Setup • Select don’t manage if the Policy Manager should not manage this interface. This is the default strategy. 8 Click OK when you have completed your policy setup. After you have specified the access lists, and the custom and priority queue lists for the device, the EPICenter Policy Manager will assume complete control of these resources. They will override any other settings configured externally for these resources. The parameters are stored in the EPICenter database, and are also written into the Cisco device login banner. If the same device is added again or “sync”ed to the EPICenter database, these parameters will be read from the device during the synchronization process. NOTE Configuring the banner causes the Cisco device to lose all ACL rules configured by EPICenter (but not any other rules). If auto-configuration is enabled, the rules will be reconfigured automatically. If auto-configuration is disabled, you should reconfigure the device using the directed Config operation after configuring the banner. EPICenter Software Installation and User Guide 453 The ACL Viewer 454 EPICenter Software Installation and User Guide A Troubleshooting This appendix describes how to: • Resolve problems you may encounter that are related to the EPICenter server • Resolve problems you may encounter while using the EPICenter client application Troubleshooting Aids If you are having problems with EPICenter, there are several things you can do to help prevent or diagnose problems. Using the Stand-alone Client Application To enable debugging and log the output to a file in the stand-alone client application, you can run the EPICenter client in debug mode. In Windows 2000/XP, enter one of the following commands at the prompt in a command window or in the Run field. If you have both server and client installed on the same system: c:\Program Files\Extreme Networks\EPICenter 4.1 > runclient.exe DEBUG DEBUG > <logfile> If you have the client only installed: c:\Program File\extreme Networks\EPICenter 4.1 > runclient.exe DEBUG DEBUG > <logfile> In Solaris, enter the one of the following commands at a command prompt. If you have both server and client installed on the same system: /opt/extreme/epc4_1/runclient DEBUG DEBUG >& <logfile> If you have the client only installed: /opt/extreme/epc4_1_client/runclient DEBUG DEBUG >& <logfile> <logfile> is the name of the log file to be created. If you installed the client on a different drive and directory, make the appropriate substitutions. Optionally, piping output to “tee,” if you have it available, allows you to see the logs on the console as well as logging the data into the file. EPICenter Software Installation and User Guide 455 Troubleshooting Be sure to use different log file names if you are running multiple clients on the same machine. Using the Browser-based Client (Windows Only) NOTE After a problem occurs, prior to pointing the browser to the EPICenter server, it is recommended that you clear all browser cache information, including disk cache, and close and re-open the browser. If you are using the browser-based client, please try to duplicate the problem with the Java Console enabled in Internet Explorer. Look at the Java Console window and copy/paste (using [Ctrl]+C and [Ctrl]+V on Windows 2000/XP) the contents into a text file. If a problem occurs, Extreme Networks customer support may require the Java Console output. In addition, you can run the client in a debug mode in the browser: 1 Start the client with the URL http://<host>:<port>/everest/debug. 2 After you enter your login information, but before the main EPICenter page is displayed, a page with debug settings is displayed. 3 Select Info for “Client Debug Level” 4 Click Submit Query. This enables more detailed information to be logged. Enable the Java Console To facilitate problem diagnosis, you can attempt to duplicate the problem with the Java Console enabled. To enable the Java Console, do the following: 1 From the Windows Start menu, select Programs, then Java Plug-in Control Panel and launch the Control Panel. 2 On the Basic page, click the Show Java Console check box. 3 Click Apply. The next time you launch the EPICenter client, the Java Console will start automatically. NOTE Running with the Java Console displayed may affect the performance of the EPICenter client. There is limited space for Java Console messages; once the console log file is filled, no more messages will be recorded. If you are trying to duplicate a problem, clear the Java Console log file periodically by clicking the Clear button at the bottom of the window. You can close the Java Console by clicking the Close button at the bottom of the window. However, once it is closed, it can only be restarted by closing and restarting the browser. 456 EPICenter Software Installation and User Guide EPICenter Client EPICenter Client Problem: Client is unable to connect to the EPICenter server. Verify that the EPICenter Server process is running. Verify that the server is running on the specified port. You can try to connect to the server’s HTTP port using a browser. If the server is running and you are using the correct port, the EPICenter main page will be displayed. If you are running the client on the same system as the EPICenter server, you can also use the Port Configuration utility to determine the port on which the EPICenter server is running. To run the Port Configuration utility, go to the Windows Start menu, and select Programs, then Extreme Networks, followed by EPICenter 4.1, then Port Configuration. For more information on the Port Configuration utility, see Appendix B. Problem: Colors in client interface are incorrect (Windows 2000, Windows XP). The Color Palette must be set for 65536 colors (or True Color). If your display is set for only 256 colors, the colors in the left-hand panel (the Navigation Toolbar) and the EPICenter applets themselves may be incorrect. To change the color palette, double-click the Display icon in the Control Panel, select the Settings tab, and use the drop-down list in the Color Palette field to select the appropriate setting. Problem: After running for a while, the display disappears in some applets (Windows, browser only). Under some conditions in the browser client, the Java Plug-in can run out of memory. If you are running with the Java Console enabled, you may see “Out of Memory” errors recorded in the console log file. To alleviate this problem, you can grant the plug-in more memory through the Java Plug-in Control Panel. 1 From the Windows Start menu, run the Java Plug-in Control Panel. The Plug-in Control Panel should appear with the Basic page displayed. 2 In the Java RunTime Parameters field, enter the following without any embedded spaces: -Xmxnnnm nnn is the maximum number of megabytes of virtual memory available to the plug-in. For example, entering -Xmx128m allows the plug-in to use up to 128 MBytes of virtual memory, and should prevent out-of-memory problem. 3 If you see similar problems with the client application, restart the client to fix the problem. Problem: Browser does not bring up the Login page. Verify the version of the browser you are using. See the system requirements in Chapter 1 or see the EPICenter Release Note and Quick Start Guide shipped with the software. Problem: Browser client software loads and allows login, but data is missing or other problems arise. Clear your browser’s cache, exit the browser, and restart it. This frequently clears up miscellaneous start-up problems in the client. EPICenter Software Installation and User Guide 457 Troubleshooting In Internet Explorer, clear cache by selecting Internet Options under the Tools Menu, then clicking Delete Files under the Temporary Internet Files section of the General tab. Problem: Cannot cut, paste or print from the browser-based client, or save to the local file system. As of EPICenter 4.0 the browser-based client no longer supports cut/paste/print or save from the browser-based client. These functions are supported only in the stand-alone client application. EPICenter Database Problem: DBBACKUP utility will not run if LD_LIBRARY_PATH variable is not set correctly In order for DBBACKUP to run, the LD_LIBRARY_PATH environment variable must include the path <install_dir>/database (by default, /opt/epc_30/database). There are some needed .so files in that directory. (10051) Problem: Database server will not restart after incorrect shut down If the EPICenter server is shut down incorrectly, the database may be left in an invalid state. In this case, an “Assertion failed” error may occur when attempting to restart the server. To recover the database in Windows 2000 or Windows XP, do the following: 1 Open a DOS command window. The following commands assume you have accepted the default installation location, c:\epc4_1. If you have installed EPICenter in a different location, substitute the correct installation directory in the commands below. 2 Go to the EPICenter install directory: cd c:\epc4_1 3 Add the EPICenter database directory to your path: set path=c:\program files\epicenter4.1\database;%path% 4 Execute the following command: database\dbeng7.exe -f basecamp.db 5 Watch the output from this command. If the database program indicates it cannot recover the database, delete the database log: del basecamp.log and try executing the previous command again: database\dbeng7.exe -f basecamp.db 6 If the database is successfully recovered, restart the server. If the database cannot be recovered, you will need to restore the database from a backup. See Appendix F for instructions on restoring the database from a backup. To recover the database in Solaris, do the following: 1 Open a shell window (csh is used for the following example). The following commands assume you have accepted the default installation location, /opt/extreme/epc4_1. If you have installed EPICenter in a different location, substitute the correct installation directory in the commands below. 458 EPICenter Software Installation and User Guide EPICenter Server Issues 2 Go to the EPICenter install directory: cd /opt/extreme/epc4_1 3 Make sure the LD_LIBRARY_PATH environment variable is set to the EPICenter directory installation directory: setenv LD_LIBRARY_PATH /opt/extreme/epc4_1/database 4 Execute the following command: database/dbeng7.exe -f basecamp.db 5 Watch the output from this command. If the database program indicates it cannot recover the database, delete the database log: rm basecamp.log and try executing the previous command again: database/dbeng7.exe -f basecamp.db 6 If the database is successfully recovered, restart the server. If the database cannot be recovered, you will need to restore the database from a backup. See Appendix F for instructions on restoring the database from a backup. EPICenter Server Issues Problem: Cannot talk to a specific switch. Verify that the switch is running ExtremeWare software version 2.0 or later. Ping the switch's IP address to verify availability of a route. Use the ping command from a MS DOS or Solaris command shell. Verify that the read and write community strings used in the EPICenter match those configured on the switch. Problem: ExtremeWare CLI or ExtremeWare Vista changes are not reflected in EPICenter. Verify that the switch is running ExtremeWare software version 2.0 or later. From the Inventory Manager, click Sync to update the information from the switch. This refreshes the switch specific data, validates the SmartTrap rules, and ensures that the EPICenter server is added as a trap receiver (Extreme switches only). If the problem persists, verify that the EPICenter workstation has been added in the list of trap destinations on the given switch: 1 Telnet to the switch. 2 Log in to the switch. 3 Type show management to verify that the system running the EPICenter is a trap receiver. An Extreme switch can support a maximum of 6 trap destinations in ExtremeWare 2.0, and up to 16 trap destinations with ExtremeWare 4.1 or greater. If EPICenter is not specified as a trap destination, EPICenter Software Installation and User Guide 459 Troubleshooting then no SmartTraps are sent, and the data is not refreshed. If you need to remove a trap receiver, use the command: config snmp delete trapreceiver <ipaddress> For details, see the ExtremeWare Software User Guide. Problem: Need to change polling interval, SNMP request time-out, or number of SNMP request retries. You can change the default values for the SNMP polling interval, the SNMP request time-out, or the number of SNMP request retries, through the Administration applet, Server Properties page. You must stop and restart the EPICenter server to have your changes take effect. See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions on stopping and starting the EPICenter server. Problem: Need to change the Telnet or HTTP port numbers used to communicate with managed devices. You can change the port numbers for all managed switches through the Administration applet, Server Properties page. You must stop and restart the EPICenter server to have your changes take effect. See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions on stopping and starting the EPICenter server. Problem: Telnet polling messages can fill up a device’s syslog file. For switches running older versions of ExtremeWare (prior to 6.0), the EPICenter server uses telnet polling to get EDP topology and ESRP information. However, each telnet login and logout message is logged to the switch’s log file, and will eventually fill up the log. You can disable EDP and ESRP logging through the EPICenter Administration applet, Server Properties page. This will also avoid the syslog messages. See Chapter 16 for information on the EPICenter Administration applet. See Chapter 3 for instructions on stopping and starting the EPICenter server. Problem: Traps may be dropped during a trap “storm.” The EPICenter server limits its processing of traps in order to be able to reliably handle trap storms from a single or multiple devices. EPICenter limits its trap processing to 20 traps every 28 seconds from an individual device, and a total of 275 traps every 55 seconds system-wide. Any traps that occur beyond these limits will be discarded, but will be noted in the log.txt file. Exceeding the first limit (>20 traps in 28 seconds) is rare, and should be considered abnormal behavior in the managed device. If you are managing a large number of devices, you may reach the total (275) limit in normal circumstances. If you are managing more than 1000 devices, it is recommended that you increase the total number of traps to 500. The trap processing limits can be changed through server properties in the Administration applet. See Chapter 16 for more information on setting EPICenter server properties. 460 EPICenter Software Installation and User Guide VLAN Manager Problem: Under Solaris, an error occurs when attempting to enable the EPICenter Syslog server function. By default, Solaris runs its own Syslog server. This causes an error “Syslog Server unable to start: Address already in use” when you attempt to enable the EPICenter syslog server. You must first stop the Solaris syslog server in order to have EPICenter act as a Syslog receiver. To stop the Solaris Syslog server, use the command: /etc/init.d/syslog stop Problem: EPICenter is not receiving traps. If the IP address of a lost EPICenter host is changed while EPICenter is running, the system will not receive traps. To fix the problem, restart the EPICenter server. Problem: Policy Manager button does not appear in the Navigation Toolbar. The EPICenter Policy Manager is a separately-licensed module, and requires installation of a separate license key through the instlic license key utility. When you purchase the right to use the Policy Manager applet, you will receive an activation key, found on the License Agreement included in your software package. This key starts with “AC,” and can be used to obtain a permanent license key. You do not need an activation key to obtain an evaluation license key. To obtain a license key, use your browser to connect to the license page at http://www.extremenetworks.com/go/epickey.htm. You can obtain an evaluation key or a permanent key through this page. You will need your activation key to obtain a permanent license key. In either case, you will be asked to enter some information about yourself, and the license key will be sent to you by return e-mail. Follow the instructions in the EPICenter Software Installation Guide or the EPICenter Release Note and Quick Start Guide to add this license to your EPICenter installation. VLAN Manager Problem: Multiple VLANs have the same name. A VLAN is defined by the name, its tag value, and its protocol filter definition. EPICenter allows multiple VLANs of the same name if one of the defining characteristics of one VLAN is different from the other. Problem: Multiple protocols have the same name. EPICenter allows multiple protocols of the same name if one of the defining characteristics of one protocol is different from the other. Problem: Created a new protocol in VLAN Manager, but the protocol does not appear on any switch. When a new protocol is created, it is stored in the EPICenter database. EPICenter only creates the protocol on a switch when the new protocol is used by a VLAN on that switch. Problem: Can only access one of the IP addresses on a VLAN configured with a secondary IP address. EPICenter does not currently support secondary IP addressing for a VLAN. EPICenter Software Installation and User Guide 461 Troubleshooting Problem: Configuration fails when attempting to configure a VLAN with a modified protocol definition. EPICenter does not have a mechanism to modify protocols. When a VLAN is configured through EPICenter to use a protocol that does not exist on the switch, the protocol is first created on the switch. However, if a protocol with the same name but a different definition already exists on the switch, the operation will fail. Problem: An untagged port has disappeared from its VLAN. Check to see if the port has been added as an untagged port to a different VLAN. In EPICenter, adding an untagged port to a VLAN automatically removes the port from its previous VLAN if the port was untagged, and the new and old VLANs used the same protocol. You should receive a warning message when this happens, which lets you proceed with the auto-deletion or cancel the operation. This is different behavior from the ExtremeWare CLI, where you must first delete the port from the old VLAN before you can add it to the new VLAN. Alarm System Problem: Device is in a fault state that should generate a trap or syslog message, and an alarm is defined to detect it, but the alarm does not appear in the EPICenter Alarm Log. There are several possible reasons this can occur. Check the following: • Make sure that the alarm is enabled. • Check that the device is in your alarm scope. • Check that SNMP traps are enabled on the device. • For a non-Extreme Networks device, make sure you have set EPICenter as a trap receiver on the device (see Chapter 8). • For an RMON alarm, make sure you have RMON enabled on the device. • For Syslog messages, make sure that you have the EPICenter Syslog server enabled, and that remote logging is enabled on the device with EPICenter set as a Syslog receiver. • The number of traps being received by the EPICenter server may exceed the number of traps it can handle in a given time period, resulting in some traps being dropped (see the item on dropping traps on page 460). You can change the limits for the number of traps the server should accept (per minute and per 1/2 minute) in the Administration applet. See Chapter 16 for more information on setting EPICenter server properties. Problem: The “Email to:” and “Short email to:” fields are greyed-out in the Actions tab of the New Alarm Definition dialog. You need to specify an e-mail server in order to send e-mail. Click the Settings... button next to the Email to field to set up your mail server. Problem: An RMON rule is defined to monitor a counter variable, and to cause an alarm when the counter exceeds a certain value. The counter has exceeded the threshold value but no alarm has occurred. There are several things to check: 462 EPICenter Software Installation and User Guide Alarm System • Make sure the RMON rule and the alarm definition are set up correctly • If the value of the counter was already above the threshold value when you set up the RMON rule, and you have the Sample Type set to Absolute, no alarm will ever be generated. This because the value must fall below the Falling Threshold value before the before another Rising Threshold trap will be sent, and this will never occur. You should consider using the Delta Sample Type instead. Problem: When creating an RMON rule in the RMON Rule Configuration window, the MIB variable I want to use is missing from the list of variables displayed when I click “Lookup...” The MIB Variable list displays only the MIBs shipped with the EPICenter software. In addition, within those MIBs the variable list will not display variables that are indexed by an index other than (or in addition to) ifIndex. You can still use variables that do not appear in the Lookup... list, but you must type the complete OID into the MIB Variable field, in numeric notation. If the variable is a table variable, you will need to append the specific index and apply the variable to each target device, one at a time. Problem: A program specified as an action for an alarm (in the Run Program field) does not get executed. It includes output to the desktop among its functions. If you are running the EPICenter server as a service, you must specifically tell it to allow output to the desktop. To do this you must stop and restart the EPICenter server, as follows: 1 In the Services properties window, select EPICenter 4.1 Server and click Stop. (To find the Services window, from the Start menu select Settings, then Control Panel, the double-click the Services icon). 2 When the EPICenter 4.1 Server service has be stopped, select it again and click Startup.... This displays a pop-up window where you can specify start-up options. 3 In the lower part of the window, in the Log On As: area, click the box labeled Allow Service to Interact with Desktop. Then click OK. After the EPICenter server restarts, the program you have specified as an alarm action should execute correctly. To specify a batch file that does output to the desktop, you must specify the “.bat” file within a DOS “cmd” command, as follows: cmd /c start <file.bat> where <file.bat> is the batch file you want to run. Problem: Email alarm actions generate too much text for a text pager. You can use the “Short email to:” option to send an abbreviated message appropriate for a text pager or cell phone. The short email provides only very basic alarm information. See Chapter 5 for more details on using the email options as an alarm action. Problem: Alarm action that executes a script does not run to completion. Check to determine if a command in the script has failed. If one command in the script fails, the rest of the script will not be executed. This is expected behavior. EPICenter Software Installation and User Guide 463 Troubleshooting If you want to execute multiple script commands regardless of individual command failure, you must catch the exception thrown in each command. For example, a script action: catch {do Command1} catch {do Command2} will execute Command2 even if command1 fails. For detailed information on how to use the Tcl script, consult the Tcl man pages or Help file at http://www.tcl.tk. ESRP Manager Problem: None of the member VLANs of an ESRP group are appearing in the ESRP Manager applet. Make sure that all members of the ESRP group use the same election algorithm. If there is an election algorithm mismatch between any of the ESRP-enabled switches in any of the ESRP-enabled VLANs in the ESRP group, this causes a misconfiguration scenario, and ESRP will not function. As a result, none of the members of the ESRP group will appear in the ESRP Manager applet. Problem: Some of the switches in an ESRP-enabled VLAN are missing from the ESRP Manager applet. Make sure that the Hello Timer (ESRP Timer) is set to the same interval for all ESRP-enabled switches. If there is a timer mismatch, ESRP will not function correctly, and the ESRP Manager applet will not be able to detect ESRP switch neighbors that are not being managed by the EPICenter software. Problem: Devices running ExtremeWare 4.x are not being polled for ESRP information. The EPICenter server uses Telnet polling to add and update ESRP information for devices running ExtremeWare 4.x. If you have the “Poll devices using Telnet” option disabled in the Administration applet, no ESRP information will be obtained for these devices. You can enable telnet polling through the Server Properties page in the Administration applet. See Chapter 16 for more information. Inventory Manager Problem: Discovery returns an error if more than 10,000 IP addresses are specified for a discovery operation. Discovering more than 10,000 IP addresses can consume too much memory in the EPICenter server. As a result, the server does not allow more than 10,000 IP addresses to be discovered at once. If you need to discover more than 10,000 devices, you must split your discovery into multiple operations. Problem: Multiple switches have the same name. This is because the sysName of those switches is the same. Typically, Extreme Networks switches are shipped with the sysName set to the type of the switch “Summit48,” “Summit1i,” “Alpine3808,” and so on, depending on the type of switch. You can change the way names are displayed through a sever property in the Administration applet. You can display devices in the Component Tree by name or by IP address and name. See Chapter 16 for more information on setting EPICenter server properties. 464 EPICenter Software Installation and User Guide ExtremeView Problem: Discovery does not display the MAC address for some devices in discovery results list. In addition, may not add the device to inventory (primarily happens with workstations). If the MAC address is not found in the first instance of ifPhysAddress, it is not displayed in the discovery results table. However, when the device is selected to be added to the EPICenter inventory, the Inventory applet searches all the ifPhysAddress entries for the device, and will use the MAC address found in this manner. If no MAC address is found in any ifPhysAddress entry, the device will not be added to the EPICenter database. Problem: Attempted to add a switch in the Inventory Manager after rebooting the switch, and received an “SNMP not responding” error. If a switch has recently been powered on, it may take some time (a number of minutes) before the device is completely initialized. This will be especially true of chassis devices with many blades, or devices with a large number of VLANs configured on the device. It the device has not completed its initialization, the Inventory Add process may return an error. You can simply wait until the device has finished initializing and try the Add function again. ExtremeView Problem: For a device selected under Status, the Device Information panel shows incorrect information, and the device image is not displayed correctly. This can be caused by a device IP address that is in conflict with another device on the network (a duplicate IP address). Remove the problem device from the EPICenter inventory, and add it in again with the correct IP address. Problem: While looking at a device in ExtremeView, the device view was suddenly replaced by the top-level ExtremeView page. This will happen if another EPICenter user removes the device from the database while you are viewing it. If you are running with the Java Console enabled you may see an error message indicating the device has been removed (as long as your console log has not been filled up). Problem: When device information is not displayed completely (for example, only a generic image is displayed) no messages explaining the problem seems to appear. These types of messages for ExtremeView are displayed as error messages in the Java Console error log. These messages are really informational errors, but must be displayed as errors in order to appear under the normal Java Console settings. To see these messages, you must be running the Java Console (see “Enable the Java Console” on page 456). Also, there must still be room left in the console log, as it stops displaying messages when it fills up. Problem: After initiating a switch reboot from the switch configuration page in ExtremeView, the browser times out with an error (browser client only). You can initiate a switch reboot from the Switch configuration page in the ExtremeView applet However, because the switch is rebooting, it does not respond to the browser’s forms submission, and the browser will time out and report an error (Error: 504) instead of refreshing the configuration page. Once the switch has successfully finished rebooting, you can select it again in the Component Tree and the page will refresh correctly. EPICenter Software Installation and User Guide 465 Troubleshooting Grouping Manager Problem: Cannot import users from NT Domain Controller The EPICenter Server must be running with permissions that enable it to get user information from a Domain Controller. To verify and change permissions for the Web Server, do the following: 1 From the Start menu, highlight Settings, pull right, and click on the Control Panel. This displays the Control Panel folder. 2 Double-click on Services to display the Services Properties window. 3 In the Services properties window, select EPICenter 4.1 Server and click Stop. (To find the Services window, from the Start menu select Settings, then Control Panel, the double-click the Services icon). 4 When the EPICenter 4.1 Server service has be stopped, select it again and click Startup.... This displays a pop-up window where you can specify start-up options. 5 In the lower part of the window, in the Log On As: area, enter the account name and password for a user who has the appropriate permissions to access the Domain Controller. 6 Click OK to restart the Web Server service to have the new user logon take effect. Printing Problem: When printing a topology map from the browser client, or a printing report, the browser can appear to freeze. Printing a report or a topology map can cause the browser utilization to become very high (approaching 100%) and can spool a very large amount of memory. There is no current solution other than to wait, and the process will eventually finish. Topology Problem: In Map Properties, changed the node background color, but only some of the node backgrounds changed. The background color affects submap nodes, device hyper nodes and device or decorative nodes that do not display the device icon (either because the icon display is turned off or the nodes have been reduced in size to where the icon cannot be displayed). For device nodes and decorative nodes with the device icon displayed, the background color is transparent, and the background color setting is ignored. Problem: A link has been moved, but the old link still appears as a down or unknown link. In addition, if just one end of the link has been moved, an L2 cloud node is added between the two endpoint devices. When a previously “up” link disappears, the EPICenter server cannot tell if whether it is down or has been physically moved, so it changes its status to down (or unknown). EPICenter will detect the new link and add it as an up link, but it will not remove the old link. If only one end of the link is moved, EPICenter detects two links (one up and one down) that share the same endpoint on one side of the link. It interprets this to mean that there is a hub between the two endpoint devices, and represents this as an L2 cloud. 466 EPICenter Software Installation and User Guide STP Monitor To remove non-existent links and extraneous L2 clouds, you can use the Discover Links command in the Topology applet. This command will remove all down links and extraneous L2 clouds. Note that this command will also remove existing links that are down, but EPICenter will rediscover and add back those links when they come back up. Problem: The Discover Links command removed legitimate links that were down. The EPICenter server cannot discover a link if the link is down. Therefore, when it rediscovers links it will only discover up links (or partially up links in the case of composite links). However, down links will automatically reappear when they come up again. You can also use the Discover Links command again after the down links have come back up. STP Monitor Problem: There are multiple STP nodes with the same name. The EPICenter server identifies an STP domain by its name and tag. If you see multiple STP domains in EPICenter, you may have a misconfiguration where the same STP domains are configured with different tags on different switches. Reports Problem: After viewing reports, added a user-defined report, but it doesn’t appear in the list of reports on the main reports page. The Reports page updates the list of reports when the page is loaded. To update the list, Refresh the page. Problem: Reports cannot be launched. Due to a problem with Windows, sometimes reports cannot be launched. To solve this problem, upgrade the version of the Internet Explorer or restart your PC. EPICenter Software Installation and User Guide 467 Troubleshooting 468 EPICenter Software Installation and User Guide B EPICenter Utilities This appendix describes several utilities and scripts shipped with the EPICenter software: • The DevCLI utility, that can be used to add, modify, delete, and sync devices and device groups; and can be used to modify device configuration information from the EPICenter database using the devcli command • The Inventory Export scripts, that can be used to extract information from the EPICenter inventory and output it to the console or to a file • The SNMPCLI utility, that can be used to inspect the contents of device MIBs • The Port Configuration utility, a Windows-only utility that you can use to change the ports used by the EPICenter server • The AlarmMgr utility, used to display alarm information from the EPICenter database. Results can be output to a file. • The FindAddr utility, used to find IP or MAC addresses within a set of devices or ports (specified individually or as device or port groups). Results can be output to a file. • The TransferMgr utility, used to upload or download device configurations, or to download new software versions. • The VlanMgr utility, used to create, reset, and delete VLANs. • The ImportResources utility, used to import resources into the Grouping Manager from an external source such as an LDAP or NT Domain Controller directory. The DevCLI Utility The DevCLI utility allows you to add, modify, and remove devices and device groups from an EPICenter database using a command line statement, rather than through the EPICenter client user interface. You can add devices and device groups individually or in groups, and you can specify arguments such as community strings and login and passwords for both the EPICenter server and the devices. You can modify device and device group settings as well as device configurations. You can specify a list of devices in a file and have them added in a single operation. The DevCLI is useful for updating the EPICenter inventory database quickly when large numbers of devices or device groups are added, modified or removed, or if changes occur frequently. It can also be useful when you want to duplicate the device inventory and device group configurations across multiple installations of the EPICenter server. EPICenter Software Installation and User Guide 469 EPICenter Utilities Using the DevCLI Commands The utility is located in the root EPICenter install directory, by default \epc4_1 or /opt/extreme/epc4_1 (in a UNIX environment). The DevCLI utility supports the following four commands: • devcli add <options> to add a device or device group. To add device 10.205.0.99 to the EPICenter database on the local host, using the default device user name and password, enter the following command at the prompt: devcli add -u admin -a 10.205.0.99 To add a device group to the EPICenter database with the name “Device Group 1,” enter the following command at the prompt : devcli add -u admin -g “Device Group 1” To add multiple device groups to the EPICenter database with the names “Device Group 1” and “Device Group 2,” enter the following command at the prompt : devcli add -u admin -g "Device Group 1" -g "Device Group 2" -g "Device Group 3” • devcli mod <options> to modify a device or device group. To modify the password on device 10.205.1.51 to use an empty string, enter the command : devcli mod -u admin -a 10.205.1.51 -d ““ NOTE If you are running the DevCLI on a Windows platform, enter forward slashes to separate empty double quotes to ensure the command executes correctly. For example, to use the previous command in a Windows environment, enter the command: devcli mod -u admin -a 10.205.1.51 -d \"\" To modify the name of a device group from “Device Group 1” to “New Device Group,” enter the following command at the prompt: devcli mod -u admin -g “Device Group 1” -m “New Device Group” • devcli del <options> to remove a device or device group. To remove device 10.205.0.99 from the EPICenter database, enter the command: devcli del -u admin -a 10.205.0.99 To remove a device group named “New Device Group” from the EPICenter database, enter the command : devcli del -u admin -g “New Device Group” • devcli sync <options> to manually update device configurations. To manually update the device configurations for device 10.205.0.99, enter the command: devcli sync -u admin -a 10.205.0.99 To manually update the configurations for the default device group, enter the command: devcli sync -u admin -g Default NOTE You can type either sync or syn when you use the devcli sync command. 470 EPICenter Software Installation and User Guide The DevCLI Utility These commands support a set of options for specifying device information such as passwords and community strings, device group information such as device group names and member devices, as well as information about the EPICenter server, such as host name or IP address, port, and user name and password. You can also specify multiple IP addresses in a file to have them added or removed as a group, as long as they all use the same user name, password, and community strings. Table 13 specifies the options you can use with these commands: Table 13: DevCli command options Option Value Default -a Device IP address. This option can be specified more than once. None -b SNMP version 3 user name. initialmd5 -c Cisco enable password. “” -d Device password. “” -e Device group description. None -f Input file name for IP addresses. This specifies an ascii file that contains a list of IP addresses, one per line. No other information can be included in this file. None This option can be specified more than once. -g Device group to which devices should be added. Case sensitive. The device group must already exist. Default -h Input file name for device groups. This specifies an ascii file that contains a list of device group descriptions, one per line. A device group description may be included by enclosing both the device group name and the device group in double quotes. The quotes sever to delimit the two values. None This option can be specified more than once. -i Device poll interval, in minutes 0 -j SNMP version 3 privacy password “” -l (Letter l) User name to use for device login admin -m New device group name. Use this command when you are modifying a device group None -n EPICenter server port number 80 -o SNMP version 3 authentication password initialmd5 -p EPICenter user password “” -r Read community string (only needed for adding devices; not needed for deleting them). public -s EPICenter server hostname or IP address localhost -t SNMP version 3 authentication protocol (none, MD5, SNA) md5 -u EPICenter user name none -v SNMP version (1, 3) -w Write community string (only needed for adding devices; not needed for deleting them). EPICenter Software Installation and User Guide “private” 471 EPICenter Utilities Table 13: DevCli command options (continued) Option Value Default -x Modify device setting (ssh, nussh, offline, online) none -y SNMP version 3 privacy protocol (none, crc) none -z Record filename (for recording) none Options such as the user login names and passwords and community strings, apply to all devices specified in the command. You can specify multiple devices in one command as long as they use the same options. If you have devices with different access parameters, you must add or delete them in separate commands. The exception is when removing devices or device groups, you do not need to specify community strings, so you can remove multiple devices in a single command even it their community strings are different. Most options default to the values equivalent to those used by default on Extreme Networks devices or in the EPICenter software. You can specify only one EPICenter server (database) in a command. If you want to add the same devices to multiple EPICenter databases, you must use a separate command for each server. The command by default adds or removes devices from the EPICenter database running on the local host at port 80. DevCLI Examples The following examples illustrate the usage of these commands. • To add a device with IP address 10.205.0.99 to the EPICenter database running on server snoopy on port 81, with EPICenter login “master” and password “king,” enter the following command: devcli add -u admin -a 10.205.0.99 -s snoopy -n 81 -u master -p king • To add two devices (10.205.0.98 and 10.205.0.99) to the EPICenter database on the local host, with read community string “read” and write community string “write,” enter the following command: devcli add -u admin -a 10.205.0.98 -a 10.205.0.99 -r read -w write • To add multiple device groups specified in the file “devGroupList.txt” to the EPICenter database, enter the following command: devcli add -u admin -h devGroupList.txt The file devGroupList.txt must be a plain ASCII text file containing one device group name and one description (if applicable) per line, such as: “Device Group 2” Building B dg4 “Marketing” If a line has multiple words delimited by white space and the words are not enclosed in double quotes, the whole line is interpreted as a device group name without a device group description. If the device group name consists of multiple words delimited by white space, and you want to specify a device group description, you must use double quotes to enclose both the device group name and the device group description. 472 EPICenter Software Installation and User Guide Inventory Export Scripts • To modify the membership of a device group named “Engineering Device Group” to remove any existing devices from the device group and add four new devices (10.205.0.91, 10.205.0.92, 10.205.0.93, and 10.205.0.94) to the device group, enter the following command: devcli mod -u admin -g “Engineering Device Group” -a 10.205.0.91 -a 10.205.0.92 -a 10.205.0.93 -a 10.205.0.94 • To delete a set of devices specified in the file “devList.txt” with device login “admin2” and password “purple,” enter the following command: devcli del -u admin -f devList.txt -l admin2 -d purple The file devList.txt must be a plain ASCII text file containing only IP addresses and only one IP address per line, such as: 10.205.0.95 10.205.0.96 10.205.0.97 If more than one IP address is specified per line, only the first IP address is used. • To delete two device groups (“Building A” and “Building C”) from the EPICenter database, enter the following command: devcli del -u admin -g “Building A” -g “Building C” • To manually update the configurations of two devices (10.205.0.91 and 10.205.0.93), enter the command: devcli sync -u admin -a 10.205.0.91 -a 10.205.0.93 Inventory Export Scripts There are three scripts you can run to export information about the devices or occupied slots known to the EPICenter inventory. The scripts let you export information on devices known to a single EPICenter installation, on slots known to a single EPICenter installation, or on devices known to multiple EPICenter servers. The information will be output in comma-separated (CSV) format suitable for importing into a spreadsheet. • For a device report, the information reported includes the device name and type, IP address, location, serial and board numbers. If you use the Distributed server version of this report, the name of the EPICenter server that manages the device will also be included. • For a slot report, it includes the device name and IP Address, slot number, slot name and slot type, and the serial number of the blade in the slot. Using the Inventory Export Scripts The three scripts are located in the EPICenter user\scripts\bin directory under the EPICenter install directory (by default \epc4_1 under Windows, or /opt/extreme/epc4_1 under Solaris). You must have the user\scripts\bin directory as your current directory in order to run these scripts. There are three inventory export scripts you can use: • inv.bat <options> (Windows), or inv.sh <options> (Solaris) exports device information from the EPICenter database. To export device information to file devinfo.csv under Windows, enter the command: cd epc4_1\user\scripts\bin inv.bat -o devinfo.csv EPICenter Software Installation and User Guide 473 EPICenter Utilities Under Solaris, enter the command: cd epc4_1/user/scripts/bin inv.sh -o devinfo.csv • slots.bat <options> (Windows), or slots.sh <options> (Solaris) exports slot information from the EPICenter database. To run the command as user “user1,” and export slot information to file slotinfo.csv under Windows, enter the command: cd epc4_1\user\scripts\bin slots.bat -u user1 -o slotinfo.csv Under Solaris, enter the command: cd epc4_1/user/scripts/bin slots.sh -u user1 -o slotinfo.csv • msinv.bat <options> (Windows), or msinv.sh <options> (Solaris) exports device information from the databases of multiple EPICenter servers. You must provide a list of EPICenter servers in a file. To export device information from the databases of EPICenter servers listed in file servers.txt (in the scripts\config directory) to file alldevinfo.csv, without prompting for a password under Windows, enter the command: cd epc4_1\user\scripts\bin msinv.bat -d -o alldevinfo.csv -s ..\config\servers.txt Under Solaris, enter the command: cd epc4_1/user/scripts/bin msinv.sh -d -o alldevinfo.csv -s ../config/servers.txt The server file defaults to the file servers.txt in the user\scripts\config directory. You can edit this file to include the names or IP addresses of the servers where the EPICenter server and databases are running. You can also provide your own file. The format of the file entries are: <servername or IP>:<port> For example: iceberg:80 10.2.3.4:81 Table 14 specifies the options you can use with these commands: Table 14: Inventory script command options Option Value Default -d None If -p option not present, prompts for password If present, the command will use the default EPICenter password (“”) and will not prompt for a password. -n EPICenter server port number 80 -o Name of file to receive output. If you don’t specify a path, the file will be placed in the current directory (user\scripts\bin). output written to console (stdout) -p EPICenter user password “” -u EPICenter user name admin 474 EPICenter Software Installation and User Guide Inventory Export Scripts Table 14: Inventory script command options (continued) Option Value Default -s For the msinv.bat and msinv.sh commands only: Name (and path) of file containing EPICenter server list <epc_install_dir>\user\scripts\ config\servers.txt under Windows, <epc_install_dir>/user/scripts/ config/servrs.txt under Solaris NOTE The inv.bat, inv.sh, slot.bat, and slot.sh scripts retrieve information only from an EPICenter server that runs on the same machine as the scripts. Inventory Export Examples The following examples illustrate the usage of these commands. • To export slot information to the file slotinventory.csv from the EPICenter database whose login is “admin123” and password is “sesame” under Windows, enter the following command: slots.bat -u admin123 -p sesame -o slotinventory.csv Under Solaris, enter the following command: slots.sh -u admin123 -p sesame -o slotinventory.csv This will not prompt for a password, and will output the results to the specified file. • To export device information to the console, after prompting for a password under Windows, enter the following command: inv.bat Under Solaris, enter the following command: inv.sh This command will login with the default user name (admin), will prompt for the password, and will output the results to the console. • To export device information to the console, using the default login and default password under Windows, enter the following command: inv.bat -d -o output.csv Under Solaris, enter the following command: inv.sh -d -o output.csv This command will login using the default user name (admin) and the default password, and will output the results to the file output.csv in the user\scripts\bin directory. • To export device information from the EPICenter databases on the multiple servers under Windows, edit the servers.txt file in the user\scripts\config directory, then enter the following command: msinv.bat -d -o devices.csv -s serverlist2.txt Under Solaris, edit the servers.txt file in the user/scripts/config directory, then enter the following command: msinv.sh -d -o devices.csv -s serverlist2.txt This command logs in to each of the EPICenter servers specified in the file serverlist2.txt, using the default login and password, and output the device information from these servers to the file devices.csv. The devices.scv file is created in the user\scripts\bin directory. EPICenter Software Installation and User Guide 475 EPICenter Utilities The SNMPCLI Utility The SNMPCLI utility provides three basic SNMP query capabilities, that can be used to access the values of MIB objects kept by the SNMP agents of the devices you are managing. Accessing these variable may be helpful in diagnosing problems with a device or its configuration, if its behavior as seen through the EPICenter software is not as expected. Use of this utility assumes you are familiar with SNMP MIBs, and can determine the OID the variable you want to retrieve, as well as the meaning of the results that are returned. NOTE The SNMPCLI utility uses SNMP version 1. Using the SNMPCLI Utility The three scripts are located in the EPICenter user\scripts\bin directory under the EPICenter install directory (by default \epc4_1 under Windows, or /opt/extreme/epc4_1 under Solaris). You must have the user\scripts\bin directory as your current directory in order to run these scripts. The SNMPCLI utility supports the following three commands: • snmpcli snmpget <options> returns the value of a specified OID. For example, to get the value of the object (the variable extremePrimaryPowerOperational in the Extreme Networks MIB) whose OID is .1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99, enter the following command: snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10.0 • snmpcli snmpnext <options> returns the value of the next OID (subsequent to the OID you specify) in the MIB tree. For example, you can use this command to get the value of the object whose OID is .1.3.6.1.4.1.1916.1.1.1.10.0 on the device at 10.205.0.99, by entering the following command: snmpcli snmpnext -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.10 • snmpcli snmpwalk <options> returns the value of the entries in a table. For example, to get the value of the entries in the extremeFanStatusTable, which is OID .1.3.6.1.4.1.1916.1.1.1.9 on the device at 10.205.0.99, enter the following command: snmpcli snmpget -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.9 Table 15 specifies the options you can use with these commands: Table 15: SnmpCli command options Option Value Default -a Device IP address. This option can be specified more than once. This option is required. None -i Number of indices to use when walking a MIB table (1 or 2). 1 -o Object Identifier (OID) of the MIB object whose value you want to retrieve, or that is the starting point for the values you want. This option is required. None 476 EPICenter Software Installation and User Guide Port Configuration Utility Table 15: SnmpCli command options (continued) Option Value Default -r Read community string public -t Timeout value for SNMP request, in milliseconds. 500 ms SNMPCLI Examples The following examples illustrate the usage of these commands. • To retrieve the values of the extremePrimaryPowerOperational and extremeRedundantPowerStatus variables for the Extreme Networks device with IP address 10.205.0 99, with read community string “purple” and a timeout of 1000 ms, enter the following command: snmpcli snmpget -a 10.205.0.99 -r purple -t 1000 -o .1.3.6.1.4.1.1916.1.1.1.10.0 -o .1.3.6.1.4.1.1916.1.1.1.11.0 This returns the following: IP Address: 10.205.0.99 Read community string: purple Timeout(ms): 1000 OUTPUT: OID: .1.3.6.1.4.1.1916.1.1.1.10.0 ; OID: .1.3.6.1.4.1.1916.1.1.1.11.0 ; VALUE: 1 VALUE: 1 • To retrieve the values from the extremeFanStatusTable variables for the Extreme Networks device with IP address 10.205.0.99, with the default read community string (public) and a default timeout, enter the following command: snmpcli snmpwalk -a 10.205.0.99 -o .1.3.6.1.4.1.1916.1.1.1.9 This returns the following: IP Address: 10.205.0.99 Read community string: public Timeout(ms): 500 OUTPUT: OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.1 OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.2 OID: .1.3.6.1.4.1.1916.1.1.1.9.1.1.3 OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.1 OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.2 OID: .1.3.6.1.4.1.1916.1.1.1.9.1.2.3 ; ; ; ; ; ; VALUE: VALUE: VALUE: VALUE: VALUE: VALUE: 1 2 3 2 2 2 Port Configuration Utility The Port Configuration utility is a stand-alone utility that runs on the Windows 2000, or Windows XP platform. The EPICenter Port Configuration utility provides a way for an EPICenter administrator to change some of EPICenter’s logical TCP/IP port numbers, in the event that there are conflicts between these port numbers and those used by other software products running on the same system. Because these port conflicts may prevent EPICenter from running, the port configuration capability needs to be accessible outside of EPICenter. The Port Configuration application runs on the same system as the EPICenter Database Server and Web Server. EPICenter Software Installation and User Guide 477 EPICenter Utilities You can run the utility from the Programs menu. You do not need to shut down the EPICenter services (Web Server or database) in order to change the port configurations. However, the new configurations will not take effect until you restart the affected server(s). To run the Port Configuration utility, do the following: 1 Run the program from the Windows Start menu: Select Programs, then Extreme Networks, followed by EPICenter 4.1, then Port Configuration. The EPICenter Port Configuration window appears, as shown in Figure 229. Figure 229: EPICenter Port Configuration Utility 2 Type in new port values for the ports you want to change. You can use the standard Windows Cut, Copy, and Paste functions from the Edit menu, or use the keyboard shortcuts ([Ctrl]+X, [Ctrl]+C, and [Ctrl]+V) to move values among the fields. The Apply button is enabled when there is text in some edit field. 3 Click Apply to record the settings you have entered. Click the Reset button for a specific port to reset that port to its default value. The Reset button for a field is enabled when the corresponding values in the “Current port value” field is something other than the default. Click Done when you have finished making and applying changes. Any new text in the edit fields, that has not been applied, is discarded. The utility checks to see if it can open the requested new port number(s). If the new port number is in use, the utility reports this fact and asks if you want to keep the new value anyway. 4 To have the new port settings take effect, restart the server(s) whose ports you have changed. Changes do not take effect until the corresponding service is stopped and restarted. However, after applying the new values, the entries under “Current port value” are updated. This information can be misleading if you have not yet restarted the corresponding services. In particular, if you dismiss and re-run the Port Configuration utility before you restart the affected services, the “Current port value” fields will reflect the changed values which are not yet in effect. If the servers are running as system services, you can restart your system, or stop and restart the servers using the Services utility from the Windows Control Panel. If the EPICenter servers are not running as NT system services, you must manually stop and restart the servers. 478 EPICenter Software Installation and User Guide The AlarmMgr Utility The AlarmMgr Utility The Alarm Manager utility (AlarmMgr) enables you to access EPICenter alarm information and output the results to a command window or to a file. This command provides a command-line version of part of the functionality available in the EPICenter Alarm Manager applet. Using the AlarmMgr Command The AlarmMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment. This command includes options for specifying EPICenter server access information and alarm filtering parameters. The syntax of the command is as follows: AlarmMgr -user <EPICenter username> <options> The EPICenter user name is required. All other parameters are optional. The basic command displays information about the last 300 alarms in the EPICenter database. By using filtering options, you can display information about selected alarms. You can specify a time period of interest as well as characteristics of the alarms you want to include. You can select alarms based on criteria such as the alarm name, severity, category, source (the IP address or IP address and port that generated the alarm) and whether the alarm has been acknowledged. You can combine many of these criteria so that only alarms that meet all your criteria will be included in the results. For example, you may want to display only critical alarms from a specific device, or all alarms in a specific category that are not acknowledged. Table 16 specifies the options you can use with this command: Table 16: AlarmMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument. No password -host <hostname | IP address> EPICenter server hostname or IP address localhost -port <port> EPICenter server port number 80 -h <N> Display alarms that occurred within the last N hours -d <N> Display alarms that occurred N days ago -y Display alarms that occurred yesterday EPICenter Software Installation and User Guide These options are mutually exclusive and may not be combined Last 300 alarms 479 EPICenter Utilities Table 16: AlarmMgr command options (continued) Option Value Default -c <category> Display alarms that occur for a specific category. Category specification is case insensitive. Must be quoted if category name includes spaces or other delimiters. -s <severity> Display alarms that occur for a specific severity. Severity specification is case insensitive. -dip <IP address> Display alarms that occur for a specific device as specified by IP address. -p <port> Display alarms that occur for a specific port on the device specified with the -dip option. All ports -an <alarm name> Display alarms that occur for a specific alarm. Alarm name specification is case insensitive. Must be quoted if alarm name includes spaces or other delimiters. All alarms -a Display all acknowledged alarms. All alarms -u Display all unacknowledged alarms. -f <file specification> Name of file to receive output. If you do not specify a path, the file is placed in the current directory. If the file already exists, it is overwritten. Comman d window (stdout). -help Displays syntax for this command None When these options are combined, an alarm must meet all criteria to be included in the results. Each of these options may be specified only once. All categorie s All severity levels All devices • You can specify only one EPICenter server (database) in a command. If you want to display alarms from multiple EPICenter databases, you must use a separate command for each server. • The options for specifying the relevant time period (-h, -d, and -y) are mutually exclusive and cannot be combined. • You can specify filter options such as an alarm name or device (IP address) only once per command. If you want to display information for a several values of a filter option, such as several alarm names, devices, severity levels, etc., you must execute an AlarmMgr command for each value of the filter option. For example, to display alarms for two different devices, you must execute two AlarmMgr commands. • If you specify multiple filter options, they are combined in the manner of a logical AND. This means that an alarm entry must meet all the specified criteria to be included in the command results. • The options for specifying the relevant time period are mutually exclusive and cannot be combined. • You should not combine the -a and -u options (for acknowledged and unacknowledged alarms). This combination indicates you want to display alarms that are both acknowledged and unacknowledged. However, there are no alarms that meet this criteria since an alarm cannot be both. To display both alarms that are acknowledged and alarms that are unacknowledged, do not specify either option. 480 EPICenter Software Installation and User Guide The FindAddr Utility AlarmMgr Output The output from the AlarmMgr command is displayed as tab-delimited ascii text, one line per alarm. Each line contains the following information: • ID: Event ID of the alarm (assigned by the EPICenter server when the alarm is received) • Name: Name of the alarm • Category: Category that the alarm is classified under • Severity: Severity level of the alarm • Source: IP address of the device that generated the alarm • Time: time the alarm occurred, reported as Greenwich Mean Time • Message: Message associated with the alarm • Acked: Whether the alarm has been acknowledged (true or false) AlarmMgr Examples The following examples illustrate the usage of these commands. • To display the last 300 alarm log entries in the EPICenter database running on the local server, as user admin with the default password, enter the following command: AlarmMgr -user admin • To display the last 300 alarm log entries in the EPICenter database running on server snoopy on port 81, with EPICenter login “master” and password “king,” enter the following command: AlarmMgr -host snoopy -port 81 -user master -password king • To display all alarm log entries for the alarm named FanFailed in the local EPICenter database that occurred yesterday and are unacknowledged, enter the following command: AlarmMgr -user admin -y -u -an “Fan Failed” • To find all alarm log entries that were generated from port 12 on device 10.2.3.4, and place the results in the file device1.txt enter the following command: AlarmMgr -user admin -dip 10.2.3.4 -p 12 -f device1.txt The FindAddr Utility Using the Find Address command (FindAddr) you can specify a Media Access Control (MAC) or Internet Protocol (IP) network address, and a set of network devices (or ports on a device) to query for those addresses. The command returns a list of the devices and ports associated with those addresses, and output the results to the command window or to a file. This command provides a command-line version of the functionality available in the EPICenter IP/MAC Address Finder applet. EPICenter Software Installation and User Guide 481 EPICenter Utilities Using the FindAddr Command The FindAddr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the address to be located, and a search domain (an individual device and ports, or a device or port group). The syntax of the command is as follows: FindAddr -user <EPICenter username> <address options> <search domain options> <other options> The EPICenter user name is required. You must also include at least one search address specification, and a search domain specification. The FindAddr command returns a list of MAC and IP addresses and the devices and ports associated with those addresses. Table 17 specifies the options you can use with this command: Table 17: FindAddr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument. No password -host <hostname | IP address> EPICenter server hostname or IP address. localhost -port <port> EPICenter server port number. 80 Do not specify this after the -dip option or it will be taken as a search domain specification. -f <file specification> Name of file to receive output. If you do not specify a path, the file is placed in the current directory. If the file already exists, it is overwritten. Comman d window (stdout) -help Displays syntax for this command. None Search address options: -all Display all addresses located in the search domain. -mac <mac_address> Locate the specified MAC address. The address must be specified as six two-digit hexadecimal values separated by colons (xx:xx:xx:xx:xx:xx). You can specify a wildcard address by specifying asterisks instead of the last three values (for example, 21:14:18:*:*:*). At least one of these options is required. None The -mac and -ip options may be combined. This option may be repeated. -ip <IP address> Locate the specified IP address. This option may be repeated. 482 EPICenter Software Installation and User Guide The FindAddr Utility Table 17: FindAddr command options (continued) Option Value Default Search domain options: -dg <device group> Defines the search domain to include the specified device group. At least one of -dip, -dg, or -pg must be provided. -pg <port group> Defines the search domain to include the specified port group. -dip <IP address> Defines the search domain to include the device specified by the IP address. -port <port> Defines the search domain to include one or more ports on the device specified by the -dip option. Multiple ports can be specified separated by commas. Slot and port are specified as slot:port. For example, 1:2,2:3 None These options may be repeated and combined. All ports on the device Important: If used, this option must immediately follow the -dip option to which it applies. • You can specify only one EPICenter server (database) in a command. If you want to search devices from the inventory databases of multiple EPICenter servers, you must use a separate command for each server. • You can specify multiple IP and MAC addresses as search items by repeating the -ip or -mac options. — For MAC addresses, you can specify a wildcard for the last three values in the address (such as 10:11:12:*:*:*). — Wildcards are not supported for IP addresses. To search for multiple IP addresses, you can use the -all option, or include multiple -ip options. — You can specify both an IP address and a MAC address as search addresses in one command. • You can specify each search domain option multiple times. — Wildcards are not supported for device IP addresses. To include multiple devices in the search domain, you can specify a device group that contains the devices, or specify multiple -dip options. — To restrict the search domain to one or more ports on a device, specify the -port option immediately after the -dip option. If you place it anywhere else in the command, it will be taken as the server port specification. — You can specify individual devices, device groups, and port groups in a single command. FindAddr Output The output from the FindAddr command is displayed as tab-delimited text, one line per address. Each line contains the following information: • Both the MAC address and the corresponding IP address. • The switch and port to which the address is connected. • The user (name) currently logged in at that address, if applicable. The output also tells you the total number of addresses found, and lists any switches in the search domain that were unreachable. EPICenter Software Installation and User Guide 483 EPICenter Utilities FindAddr Examples The following examples illustrate the usage of these commands. • To display all addresses that can be accessed through devices in the Default device group, from the local EPICenter database (with default user, password and port), enter the following command: FindAddr -user admin -all -dg Default • To display all addresses that can be accessed through device 10.20.30.40, ports 5,6,7,8, in the EPICenter database running on server snoopy on port 81, with EPICenter login “master” and password “king,” enter the following command: FindAddr -host snoopy -port 81 -user master -password king -dip 10.20.30.40 -port 5,6,7,8 -all Note that the second -port option immediately follows the -dip option. It must be placed in this position to specify ports as the search domain. • To search for MAC addresses beginning with 00-01-03, and write the results to the file “info.txt,” with the Default device group as the search domain, enter the following command: FindAddr -user admin -mac 00:01:03:*:*:* -dg Default -f info.txt If the file does not already exist, it will be created, by default in the EPICenter bin directory. The TransferMgr Utility The Transfer Manager utility (TransferMgr) allows you to upload configuration information from a device to a file, and to download configuration information and ExtremeWare software images to Extreme devices. This command provides a command-line version of some of the functionality available in the EPICenter Configuration Manager applet. Using the TransferMgr Command The TransferMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the transfer function to be performed (upload, download, incremental download, or ExtremeWare image download), the device on which to perform the operation on, and the file location on the server. The syntax of the command is as follows: TransferMgr -user <EPICenter username> -upload -dip <device address> <upload location options> TransferMgr -user <EPICenter username> -download <filename> -dip <device address> TransferMgr -user <EPICenter username> -incremental <filename> -dip <device address> TransferMgr -user <EPICenter username> -software <filename> -dip <device address> {primary | secondary} 484 EPICenter Software Installation and User Guide The TransferMgr Utility The EPICenter user name, one of the four transfer options, and a device IP address are required. Other options are optional. Table 18 specifies the options you can use with this command: Table 18: TransferMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument. No password -host <hostname | IP address> EPICenter server hostname or IP address localhost -port <port> EPICenter server port number 80 -help Displays syntax for this command None -upload Upload configuration from the device specified with the -dip option. None -dip <IP address> IP address of device from which configuration should be uploaded. This option is required, and may be repeated. None -ft <string> Text string to be appended to device IP address to create a file name (in the format xx_xx_xx_xx.string). <ipaddress>.txt -fl <directory> Directory or path below the configs directory where the upload file should be placed. <tftp_root> is the location of your TFTP server. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. <tftp_root>\config s -a Place upload file into the archive directory (<tftp_root>\configs\<year>\<month>\<day>\ <ipaddress>_<time>.txt <tftp_root>\config s\<ipaddress>.txt Upload configuration: (xx_xx_xx_xx.txt) This option may not be combined with the -fl and -ft options. Download configuration: -download <filename | path and filename> Download configuration from the specified file to the device specified with the -dip option. The specified file must be located in or below the <tftp_root>\configs directory. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. None -dip <IP address> IP address of device to which configuration should be downloaded. This option is required. It may not be repeated. None Download Incremental configuration: -incremental <filename> Download an incremental configuration from the specified file to the device specified with the -dip option. The specified file must be located in the <tftp_root>\baselines directory. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. None -dip <IP address> IP address of device to which configuration should be downloaded. This option is required. It may not be repeated. None EPICenter Software Installation and User Guide 485 EPICenter Utilities Table 18: TransferMgr command options (continued) Option Value Default Download ExtremeWare software image: -software <filename | path and filename> Download a software image from the specified file to the device specified with the -dip option. The specified file must be located in the <tftp_root>\images directory. By default, <tftp_root> is <EPICenter_install_dir>\user\tftp. None Important: Make sure the software version is compatible with the switch to which you are downloading. -dip <IP address> IP address of device to which the image should be downloaded. This option is required. It may not be repeated. None -primary Download to the primary image location. Current location -secondary Download to the secondary image location. • You can specify only one EPICenter server (database) in a command. If you want to upload or download to or from devices managed by multiple EPICenter servers, you must use a separate command for each server. • Configuration and image files are all stored in subdirectories of the EPICenter TFTP root directory, which is by default <EPICenter_install_dir>\user\tftp. You can change the location of the TFTP root directory by using the Server function of the EPICenter Configuration Manager applet. • Standard ExtremeWare software images as shipped by Extreme Networks are provided in the directory <EPICenter_install_dir>\user\tftp\images directory (by default epc4_1\user\tftp\images in the Windows operating environment, or /opt/extreme/epc4_1/user/tftp/images on a Solaris system). NOTE Make sure the software version you download is compatible with the switch. If you download an incompatible version, the switch may not function properly. • For uploading, you can specify multiple devices in one command. For the download options (-download, -incremental, and -software) you can specify only one device per command. If you want to download to multiple devices, you must execute multiple TransferMgr commands. TransferMgr Examples The following examples illustrate the usage of these commands. • To upload configuration information from device 10.20.30.40, enter the following command: TransferMgr -user admin -upload -dip 10.20.30.40 This will place the device configuration information in the file 10_20_30_40.txt in the configs directory under the TFTP root directory (by default epc4_1/user/tftp/configs). • To upload and archive configuration information from device 10.20.30.40 managed by the EPICenter server running on host snoopy on port 81, with EPICenter login “master” and password “king,” enter the following command: TransferMgr -host snoopy -port 81 -user master -password king -upload -a -dip 10.20.30.40 486 EPICenter Software Installation and User Guide The VlanMgr Utility Assuming the default location for the TFTP root directory, and assuming that this command was executed on July 24, 2001 at 10:02 AM, this will place the device configuration information in the file epc4_1\user\tftp\configs\2001\07\24\10_20_30_40_1002.txt. • To download version 6.1.8 b11 of the ExtremeWare to an i-series device, enter the following command: TransferMgr -user admin -software v618b11.xtr -dip 10.20.30.40 The VlanMgr Utility The VLAN Manager utility (VlanMgr) allows you to create and delete VLANs. These commands configure the VLANs on the specified switches as well as adding the VLAN information to the EPICenter database. Using the VlanMgr Command The VlanMgr utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options. The syntax of the command is as follows: VlanMgr -user <EPICenter username> -create <VLAN name> -dip <IP address> <other options> {-dip <IP address> <other options>} ... VlanMgr -user <EPICenter username> -modify <VLAN name> -dip <IP address> <other options> {-dip <IP address> <other options>} ... VlanMgr -user <EPICenter username> -delete <VLAN name> The EPICenter user name and one of the main options (-create, -modify, or -delete) are required. The -dip option is required for a create or modify command. Other options are optional. Table 19 specifies the options you can use with this command: Table 19: VlanMgr command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument. No password -host <hostname | IP address> EPICenter server hostname or IP address localhost -port <port> EPICenter server port number 80 -help Displays syntax for this command None EPICenter Software Installation and User Guide 487 EPICenter Utilities Table 19: VlanMgr command options (continued) Option Value Default -create <VLAN name> Create a new VLAN of the specified name. None -dip <IP address> IP address of device to add to VLAN. This option may be repeated. None -port <ports> Ports to be added to VLAN as untagged ports on the device specified by the preceding -dip option. No untagged ports -tagport <ports> Ports to be added to the VLAN as tagged ports on the device specified by the preceding -dip option. Create a new VLAN: These options must immediately follow the -dip option to which they apply. Each option may be specified once per -dip option. No tagged ports -ipf Enable IP forwarding for this VLAN on the specified device. IP forwarding disabled -ip <IP address>/<subnet mask> Set an IP address and submask for this VLAN on the specified device. Format is xx.xx.xx.xx/nn No ip address -tag <number> Set a tag value for the VLAN. Untagged -protocol <protocol name> Set protocol filter. ANY -modify <VLAN name> Reset the configuration of the specified VLAN to the options specified in this command. None -dip <IP address> IP address of device to be included in the VLAN. This option may be repeated. None -port <ports> Ports to be included in the VLAN as untagged ports on the device specified by the preceding -dip option. If this option is not included, any untagged ports configured on this device will be removed from the VLAN. These options must immediately follow the -dip option to which they apply. No untagged ports -tagport <ports> Ports to be included in the VLAN as tagged ports on the device specified by the preceding -dip option. If this option is not included, any tagged ports configured on this device will be removed from the VLAN. Each option may be specified once per -dip option. No tagged ports -ipf Enable IP forwarding for this VLAN on the specified device. If this option is not included, IP forwarding will be disabled on this device. IP forwarding disabled -ip <IP address>/<subnet mask> Set an IP address and submask for this VLAN on the specified device. Format is xx.xx.xx.xx/nn. If this option is not included, the VLAN will be reconfigured without a VLAN IP address. No IP address -tag <number> Set a tag value for the VLAN. This can be a value between 2 and 4095. If this option is not included, the VLAN will be reset to an untagged VLAN. Untagged Modify VLAN configuration: 488 EPICenter Software Installation and User Guide The VlanMgr Utility Table 19: VlanMgr command options (continued) Option Value Default -protocol <protocol name> Set protocol filter. If this option is not included, the protocol will be reset to ANY. ANY Delete the specified VLAN from all switches on which it is configured. None Delete VLAN: -delete <VLAN name> • You can specify only one EPICenter server (database) in a command. If you want to create, modify or delete VLANs for devices managed by multiple EPICenter servers, you must use a separate command for each server. • To create a VLAN on multiple switches, use multiple -dip options in a single command. • The -modify option effectively recreates a VLAN with only the options specified in the command. Any options not specified are reset to their defaults, and only devices specified with a -dip option in the modify command will be included in the VLAN. WARNING! Only the devices that are explicitly included in a VlanMgr modify command will be included in the modified VLAN. Any devices in the original VLAN that are not specified in the modify command will be removed from the VLAN as a result of the modify command. Any options that are not explicitly specified will be reset to their defaults. For example, suppose you have untagged VLAN Test1 that includes ports 2, 3,and 4 on device 10.20.30.40. To add ports 1 and 2 on device 10.20.30.50 to the VLAN, you can use the -modify command, but the command must specify both -dip 10.20.30.50 -port 1,2 and -dip 10.20.30.40 -port 2,3,4. If you do not include device 10.20.30.40 in the command, that device and its ports will be removed from the VLAN. VlanMgr Output The VlanMgr command displays output indicating the progress of the command as it configures the VLAN. VlanMgr Examples The following examples illustrate the usage of these commands. • To create untagged VLAN test1 consisting of untagged ports 2-5, on the switch with IP address 10.20.30.01, and add it to the EPICenter database running the local server with the default administrator name and password, enter the following command: VlanMgr -user admin -create test1 -dip 10.20.30.01 -port 2,3,4,5 This VLAN will be created with no 802.1Q tag, protocol ANY, no IP address assigned, and IP forwarding disabled. • To create a tagged VLAN test2 with tag 53, protocol IP, on two switches with tagged ports, IP forwarding enabled, and an IP address for the VLAN on each switch, enter the following command: VlanMgr -user admin -create test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip 10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13,14,15 -ipf -ip 10.201.20.102/24 -tag 53 -protocol ip EPICenter Software Installation and User Guide 489 EPICenter Utilities This creates the VLAN on switch 10.205.0.35 with member ports 10 and 11, VLAN IP address 10.201.20.100 and VLAN mask 255.255.255.0, and on switch 10.205.0.36 with member ports 11, 12, 13, 14 and 15, VLAN IP address 10.201.20.102 and mask 255.255.255.0. • To add port 12 on switch 10.201.20.35 to VLAN test2, leaving the configuration otherwise unchanged, enter the following command: VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11,12 -ipf -ip 10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13,14,15 -ipf -ip 10.201.20.102/24 -tag 53 -protocol ip Note that this includes all the specifications of the original create command, with the addition of port 12 to the first -tagport option. This is necessary to preserve the VLAN configuration. Specifying only the changes you want to make will not have the desired results. The command VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 12 will result in an error because no VLAN tag is specified, and it is illegal to add a tagged port to an untagged VLAN. The command VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 12 -tag 53 (adding just the tag specification) will successfully add port 9 to the VLAN as a tagged port, but will remove all the other ports on that switch, change the protocol to ANY, disable IP forwarding, and will remove switch 10.205.0.36 from the VLAN. • To remove ports 14 and 15 on switch 10.201.20.36 from VLAN test2, enter the following command: VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip 10.201.20.100/24 -dip 10.201.20.36 -tagport 11,12,13 -ipf -ip 10.201.20.102/24 -tag 53 -protocol ip • To remove switch 10.201.20.36 from VLAN test2, enter the following command: VlanMgr -user admin -modify test2 -dip 10.201.20.35 -tagport 10,11 -ipf -ip 10.201.20.100/24 -tag 53 -protocol ip This command recreates the VLAN only on switch 10.201.20.35. The ImportResources Utility The ImportResources utility allows you to import user and host resource definitions, and groups containing those resources, from a source external to the EPICenter system. You can import from an NT Domain server, an NIS server, or an LDAP directory. You can also import host and user resource definitions from a tab-delimited text file. This utility performs the same function as the Import feature in the Grouping Manager. See “Importing Resources” in Chapter 8 for details on this feature. Using the ImportResources Command The ImportResources utility is located in the EPICenter bin directory, <EPICenter_install_dir>/bin. By default this is epc4_1\bin in Windows, or /opt/extreme/epc4_1/bin in a UNIX environment. This command includes options for specifying EPICenter server access information, the operation to be performed (create, modify or delete), the name of the VLAN, and the devices in the VLAN with their configuration options. Importing from a File. To import data from a text file, you define the resources you want to import in a tab-delimited text file. See “Importing from a File” in Chapter 8 for details. 490 EPICenter Software Installation and User Guide The ImportResources Utility Importing from an LDAP Directory. Importing from an LDAP directory uses an import specification file that defines the following: • The information you want to extract from the directory. • How to map that data to groups, resources, and attributes in the EPICenter Grouping module. The specification file must be named LDAPConfig.txt, and must reside in the EPICenter user/import directory. See “Importing from an LDAP Directory” in Chapter 8 for details. Importing from an NT Domain Controller or NIS Server. Importing from an NT Domain Controller or NIS server is always done from the Domain Controller or NIS server that is serving the domain for the system running the EPICenter server. The type of system you are running will determine where the EPICenter server looks for the information. See “Importing from an NT Domain Controller or NIS Server” in Chapter 8 for details. The syntax of the ImportResources command is as follows: ImportResources -user <EPICenter username> -s <source name> [-f <file name>| -ldap | -domain ] The EPICenter user name and one of the import type options (-f, -ldap, or -domain) are required. Table 20 specifies the options you can use with this command: Table 20: ImportResources command options Option Value Default -user <username> EPICenter user name. This option is required. None -password <password> EPICenter user password. If the password is blank, do not include this argument. No password -host <hostname | IP address> EPICenter server hostname or IP address localhost -port <port> EPICenter server port number 80 -help Displays syntax for this command None -s <Source name> A name that will identify the source of the imported resources. This name is used to create a group under which all the resources imported in this operation are placed. None -f <file name> The name of a tab-delimited text file that contains the data to be imported. See “Importing from a File” in Chapter 8 for details. None -ldap Specifies that the information to be imported is from an LDAP directory. Requires a specification file named LDAPConfig.txt, that resides in the EPICenter user/import directory. See “Importing from an LDAP Directory” in Chapter 8 for details. None -domain Specifies that the information to be imported is from an NT Domain Controller server or a Solaris NIS server. See “Importing from an NT Domain Controller or NIS Server” in Chapter 8 for details. None EPICenter Software Installation and User Guide 491 EPICenter Utilities ImportResources Examples The following examples illustrate the usage of these commands. • To import resources from a tab-delimited file named importdata.txt into a source group named ImportedUsers in the EPICenter database running the local server with the default administrator name and password, enter the following command: ImportResources -user admin -s ImportedUsers -f importdata.txt • To import resources from an LDAP directory from a LDAP server into a source group named CorpUsers in the EPICenter database running on host snoopy on port 81, with EPICenter login “master” and password “king,” enter the following command: ImportResources -host snoopy -port 81 -user master -password king -s CorpUsers -ldap This requires a configuration file named LDAPConfig.txt to be present in the EPICenter user/import directory. • To import resources from an NT Domain server into a source group named NewUsers in the EPICenter database running the local server with the default administrator name and password, enter the following command: ImportResources -user admin -s NewUsers -domain This imports user data from the NT domain controller that is serving the domain where the EPICenter server resides. 492 EPICenter Software Installation and User Guide C EPICenter External Access Protocol This appendix describes: • The EPICenter external access protocol structure and commands • The client Tcl API, a higher-level API based on the External Access Protocol External Access Protocol Overview The EPICenter external access protocol enables you to access data from the EPICenter data for use within other applications. It also lets you enable and disable EPICenter policies, and configure those policies on Extreme devices. External Access Protocol Structure The external access protocol consists of three layers: transport, encoding, and command protocols. This section briefly describes each layer. Transport Layer The EPICenter External Access is provided through a TCP connection. The external application must first establish a persistent TCP connection with the EPICenter server. The EPICenter server listens on a TCP port on the server machine for incoming connections. The EPICenter server picks a dynamic port number that is not in use on the server machine during startup. This port number can be discovered by the external application by sending an HTTP request to: http://<EPICenter_host>:<EPICenter_web_port>/everest/getport EPICenter_host is the IP number or host name of the machine on which the EPICenter server is running. EPICenter_web_port is the port number for the EPICenter Web server. The result of this URL is a number. This number is the port number on which the EPICenter server is listening for external applications to establish the connection. If the external application receives an error while accessing the above URL, then the EPICenter server is not running or the server is not listening for external connections. EPICenter Software Installation and User Guide 493 EPICenter External Access Protocol Encoding Layer The encoding of all data transmitted through the transport layer uses a set of HTML/XML-like encoding rules. All data are transmitted as values enclosed in tags. For example: <TAG1>value1</TAG1> The first tag is the begin tag. Following the begin tag, a value is supplied, which can be empty. It is followed by the end tag. The rules for the tags are: • A tag is enclosed in < and >. • Tag content is case insensitive. • A tag is a begin tag if its first word does not start with /. • A tag is an end tag if the first word starts with /. • A begin tag must be matched with an end tag. • A begin tag end tag pair can be enclosed within another pair of begin and end tags. The tags recognized by the EPICenter server are the following: • <COMMAND></COMMAND> encloses an EPICenter server command. • <PARAM></PARAM> encloses an EPICenter server command parameter. • <H2></H2> encloses a message returned by the EPICenter server. • <TABLE></TABLE> encloses a table returned by the EPICenter server. • <TR></TR> are used in a table response from the EPICenter server. • <TD></TD> are used in a table response from the EPICenter server. Data values appear between a begin tag and an end tag. Data values are encoded using the following rules: • Only HTML-compatible 7-bit ASCII characters are used to represent application data values. All data values are represented using 7-bit ASCII characters. There is no binary data representation. • Characters with ASCII value 9, 10, 13, 33, 35–37, 39–59, 61, 63–126 are sent using their original ASCII values. For example 'a' is sent as 'a', '\n' is represented as '\n'. • All other ASCII characters and any two byte Unicode characters are sent using “&#vwxyz;”, where vwxyz is the decimal value of the character. For example, '<' is sent using “<” where 60 is the decimal value of the ‘<’ character. • All numeric values of integer, short, long, float, and double format are sent using their textual decimal representation. For example, 123, 139.32, 23.3e-12. • A byte is sent using its two digit hex representation in textual form. For example, the byte value “210” is sent as “D2”. • A character array or string is sent as a sequence of characters, each using the encoding rule outlined in 2 and 3. • A byte array is sent using a sequence of bytes. Each byte is sent using the encoding rule outlined in 5. • There is no method for representing a null value. • All characters are significant if appearing in the data value, including all newlines, carriage returns and tabs. 494 EPICenter Software Installation and User Guide External Access Protocol Structure Command Protocol Layer Using the transport mechanism and the encoding rules described above, the EPICenter server uses the following command protocols. The external application may send a request to the server in the following format. (Italic words are to be substituted by the external application. Other characters using the regular font should be used as is.) <COMMAND><PARAM>command name</PARAM><PARAM>argument 1</PARAM><PARAM>argument 2</PARAM>...<PARAM>argument n</PARAM></COMMAND> The EPICenter servers always respond with a message or a table. A message is sent back to the external application as: <H2>#, message text</H2> where # is a result status such as “ERROR” or “REQUEST COMPLETE” A table is sent back to the external application as: <TABLE> <TR> <TD>value <TD>value ... </TR> <TR> <TD>value <TD>value ... <TR> ... <TR> <TD>value <TD>value ... </TR> </TABLE> for column 1, row 1</TD> for column 2, row 1</TD> for column 1, row 2</TD> for column 2, row 2</TD> for column 1, row n</TD> for column 2, row n</TD> The EPICenter server responds to any requests sent by the external application using the above format. The external application first establishes a TCP connection with the EPICenter server. Then the external application must initiate a request by sending a command and any command arguments to the EPICenter server. The EPICenter server responds by sending any results back to the external application through the TCP connection. A normal sequence of requests and responses is as follows: 1 The external application sends an HTTP request to the EPICenter server to get the port number, as follows: http://<EPICenter_server>:<EPICenter_web_port>/everest/getport 2 The external application establishes a connection with the EPICenter server on the port number retrieved from step 1. 3 The external application sends a “login” command request to the EPICenter server. 4 The EPICenter server verifies the login request and responds with a login success or failure. If the login fails, the external application may try step 2 again. The external application has 60 seconds to successfully login. After 60 seconds, the EPICenter server closes the TCP connection with the external application if no successful login is established. EPICenter Software Installation and User Guide 495 EPICenter External Access Protocol 5 The external application sends a “dbquery” command request and arguments to the EPICenter server. 6 The EPICenter server sends a response back to the external application. 7 Step 4 through 5 may be repeated as many times as needed. 8 The external application sends a “logout” command request to the EPICenter server. 9 The EPICenter server closes the TCP connection with the external application. The EPICenter server accepts a maximum of 5 simultaneous external connections. The next section describes the set of commands understood by the EPICenter server. EPICenter Server Commands Login Command The external application should send the following data to login: <command><param>login</param><param>name</param><param>password</param></command> name and password should be substituted by the external application. If the login is successful, the server sends: <H2>REQUEST COMPLETE, welcome to the EPICENTER server</H2> If the login failed, the server sends: <H2>ERROR, Invalid login, try again.</H2> The external application should check the result code in the message to determine the success or failure of the login. “REQUEST COMPLETE” is login successful, “ERROR” is login failed. Dbquery Command The external application may send the following to issue a dbquery command: <command><param>dbquery</param><param>sql</param>[<param>variable 1</param>...]</command> sql is a SQL SELECT statement that may contain ? characters for variable substitution. For each ? in the SQL statement, there must be a corresponding <PARAM> variable </PARAM> where the variable will be placed in the location of the ? character when the server process the SELECT statement. For example: <command><param>dbquery</param><param>select * from Employee where name = ‘Bob’</param></command> <command><param>dbquery</param><param>select * from Employee where name = ? </param<PARAM>Bob</PARAM></command> Both query command produces the same result. But the second form of the SQL query using the ? substitution allows the external application to specify values without using any special quoting. For example, given the following SQL query: select * from Store where name = ‘Al’s Brewery’ 496 EPICenter Software Installation and User Guide External Access Protocol Structure Note that the name must match “Al’s Brewery”, which has a ‘ (single quote) character in it. But the standard SQL statement must quote its string inside a pair of single quote characters. As a result, the external application must specify the above query using the following select statement: select * from Store where name = ? followed by “Al’s Brewery” as a separate parameter to be substituted for the ?. The EPICenter server responds to the dbquery command with either an error message or a table of results. If an error occurs while processing the query, the server sends back: <H2>ERROR, error message text</H2> If it is a table of results, the EPICenter server sends back a table of 2 or more rows. The first row contains the column name of each column in the resulting table. The second row contains the column type of each column in the resulting table. Rows 3 to n contains the actual row values in the table. For example, if the external application sends the following: <command><param>dbquery</param><param>select * from Employee</param></command> The result may be: <TABLE> <TR> <TD>name</TD> <TD>age</TD> </TR> <TR> <TD>varchar(10)</TD> <TD>integer</TD> </TR> <TR> <TD>Bob</TD> <TD>31</TD> </TR> <TR> <TD>Jane</TD> <TD>27</TD> </TR> </TABLE> When viewed as a table, the returned result looks as follows: name age varchar(10) integer Bob 31 Jane 27 Policy Command The policy command can be used by an external application to control the policy server. The external application must be logged in to the EPICenter server with administrator or manager privilege (see Login command). The policy command has the following syntax: <command><param>policy</param><param>command</param>[<param>arg1</param>...]</command> EPICenter Software Installation and User Guide 497 EPICenter External Access Protocol command is one of the following: enable Enables one or more policies by name. The arguments to this command are one or more policy names. disable Disables one or more policies by name. The arguments to this command are one or more policy names. configure Configures all policies on a set of devices. The external application can provide an optional set of arguments to specify the devices that should be configured. If no arguments are present, all policies are applied to all devices being managed. If arguments are present, then each argument is assumed to be either the IP address of a device or the name of a device or group object. • If the argument is an IP address, then policies on the device with that IP address are configured. • If the argument is a name, then all devices with that name are configured, and devices within groups with that name are configured. The result from one of these commands is a single message from the server in the form of: <H2>ERROR, error message text</H2> or <H2>REQUEST COMPLETE, server message text</H2> Logout Command The external application sends the following to logout from the EPICenter server: <command><param>logout</param></command> The EPICenter server sends the following response and closes the TCP connection immediately afterward. <H2>INFO, See you later</H2> Other Commands When the EPICenter server receives a command that it cannot understand, the server responds with: <H2>ERROR, Unknown command “command_name”</H2> Other Tags When the external client sends anything in the tag value format that is not a <COMMAND>...</COMMAND>, the EPICenter server ignores such data and does not respond. Tcl Client API The EPICenter server commands are sufficient for any external application to communicate with the EPICenter server. However, the EPICenter software also provides a client API that makes it easier for third-party developers to develop external applications that communicate with the EPICenter server. 498 EPICenter Software Installation and User Guide Tcl Client API Use of this API is not required, although developers may find this API more convenient to use than communicating directly through the TCP connection. The Tcl API is structured as a Tcl package, and is written for Tcl 8.3 or later. Installing and Using the Tcl Client API A Tcl application may install the EPICenterTcl Client API package by copying the directory <EPICenter_install_dir>/tcl/lib/extreme/extr to their Tcl/lib directory. Alternatively, the Tcl application may append the location <EPICenter_install_dir>/tcl/lib/extreme/extr to the Tcl auto_path variable. This allows Tcl to find the code for the EPICenter Tcl Client API. In Solaris, you must also set the environment variable LD_LIBRARY_PATH to the location of the tcl/lib directory. To use the EPICenter Tcl Client API, the Tcl application must include the following statement: package require extr This automatically loads the required code into the Tcl application from the <path>/extr directory. The package creates a extr name space, in which a set of Tcl functions is available to the Tcl application. These functions allow the Tcl application to connect, login, send database queries, send policy configuration commands, and logout from an EPICenter server. The functions use Tcl sockets to connect with the EPICenter server, send commands and receive responses according to the EPICenter external access protocol. See <path>/extr/extr.tcl for documentation and implementation of the Tcl functions. The following namespace variable is available to the Tcl application: extr::version the version number of the Tcl Client API package. e.g. 3.1 Tcl Exported Functions The following section describes the four functions exported from the extr namespace. Most Tcl applications can use these four functions to communicate with the EPICenter server. Connect Function # # extr::connect ?hostname? ?portnum? ?servlet? # # Opens a connection with the given hostname and port number. # First use http://$hostname:$portnum/$servlet/getport to # retrieve the currently server side port number. Then use a # socket to connect to that port number. # # Arguments: # hostname (optional) ip or host name of the EPICenter # server. Defaults to "localhost". # httpport (optional) the port number of the EPICenter Web # server. Defaults to 80. EPICenter Software Installation and User Guide 499 EPICenter External Access Protocol # servlet (optional) the path to the EPICenter servlet. Defaults to # "everest" # # Returns: # channel_id channel id of the socket connecting to the # remote EPICenter server. # Exception: # When the connection cannot be established, this function # throws an error. # Login Function # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # extr::login channel_id ?name? ?password? Send the given name and password to the EPICenter server to login. If the client does not login, the server will close the connection after a timeout. Arguments: channel_id channel id returned by extr::connect name (optional) login name. Defaults to "user" password (optional) password. Defaults to "" (no password) Returns: 1 0 login is successful login failed Exceptions: This function may throw an error if there is a problem communicating with the server through the given channel. extr::logout channel_id Log out the current connection with the EPICenter server. Argument channel_id channel id returned by extr::connect Returns: <none> Exceptions: <none> 500 EPICenter Software Installation and User Guide Tcl Client API Query Function # # extr::query channel_id ?-raw | -decode flag | -command cmd? sql ?arg arg ...? # # Sends a sql command to the EPICenter server. Retrieves the result. # The result of the command can be either an error message # signaling that there is some syntax error about the sql # command, or a table of data. The EPICenter server returns the # data using its external protocol. # # Currently, only "Select ..." sql statement is accepted by the # EPICenter server. The where clause of the sql statement may contain # ’?’. For each ’?’, the caller must specify an additional # argument containing the value to replace the ’?’ in the sql # statement. For example: # # extr::query $cid \ # "select name_column from Table_A where name_column = ?" \ # "Bob’s Row" # # The string {Bob’s Row} replaces the ? in the sql query. In # this example, the caller does not need to quote the string in # the where clause of the sql statement. # # The result from the EPICenter server is a table encoded in HTML/XML # style tags. The caller may choose to receive this data in its # raw encoded form by using the "-raw" option. This function # can also return the result already decoded into a list of list # of cell data if -raw is not specified. # # The caller can optionally specify -command cmd. If this is # specified, then the user supplied "cmd" is executed after each # row of data is received. See below for the definition of the # "cmd" callback function. # # cmd dataType dataValue # # dataType - one of ERROR, TABLE_BEGIN, # COLUMN_NAME, COLUMN_TYPE, # ROW_DATA, TABLE_FINISH. # dataValue - the value returned from the server # # ERROR - The given dataValue is an error message # returned by the server. # TABLE_BEGIN - Begin of a table. If called with this # type, then the dataValue is always {} # COLUMN_NAME - The given dataValue is a list of column names # returned by the database. This is the first # thing returned by the server when there is no # errors. # COLUMN_TYPE - The given dataValue is a list of column types. # This is the 2nd thing returned by the server # when there are no errors. # ROW_DATA - The given value is a list of column values # for one data row. # TABLE_FINISH - End of the table from the server. When EPICenter Software Installation and User Guide 501 EPICenter External Access Protocol # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # this is called, the dataValue is the total number of data rows fetched. An example callback function may look like this: proc myCallBack { dataType dataValue } { switch $dataType { TABLE_BEGIN {puts "table beginning\n"} TABLE_FINISH {puts "table finished with $dataValue rows.\n"} COLUMN_TYPE {...} ... } } The return value from "cmd" is ignored. If "cmd" throws an error, then the query commands returns with the error. But query will consume all remaining outputs from the server without calling "cmd" further. The dataValue passed to the ’cmd’ are not decoded like in the -raw option. But unlike the -raw option, the values are placed inside a list when the value represents row data such as COLUMN_NAME, COLUMN_TYPE, and ROW_DATA dataType. Arguments: channel_id -raw -decode flag -command cmd sql arg arg ... Returns: list <or> string <or> none channel id returned by extr::connect (optional) the constant "-raw", which controls result data format (optional) 1 if we want to decode the data portion when returning as a list. 0 means don’t decode the data portion. Default is to decode. (optional) the cmd callback, this option is mutually exclusive with respect to the -raw option above. the sql statement (optional) a variable list of 0 or more values, one for each ? appearing in the sql statement a list of list of table cell data if no -raw option is given. Or if -command is used, this is a list of returned values from the calls to "cmd". a string in the form of "<TABLE> ... </TABLE>" for table result or "<H2> ... </H2>" for server side error message if -raw option is given if -command option is used. Exceptions: This function may throw an error if there is a communication problem with the given channel. Additionally, if no -raw option is given, any server returned message also results in an error. 502 EPICenter Software Installation and User Guide Tcl Client API Policy Function # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # extr::policy channel_id [enable|disable|configure] ?arg arg ...? Sends a policy command to the EPICenter server. A policy command can be used to control policy operations on the EPICenter server. Currently the following policy commands are supported: enable policy_name ?policy_name policy_name ...? Enables the policies on the EPIcenter server. arguments are a list of policy names. The disable policy_name ?policy_name policy_name ...? Disables the policies on the EPIcenter server. arguments are a list of policy names. The configure ?[device_ip | group_name] ...? Configures policy on devices. The devices are specified either as device ip address, or as a group name. If a group name is given, all devices within the group are configured. During configuration, all policy types are configured. If no argument is given, the all devices are configured. Note: must be logged in using an account with administrator or manager access level to use this command. Arguments: cid policy_command arg arg ... channel id returned by extr::connect enable | disable | configure arguments to the policy_command Returns: message the result message from the server Exceptions: This function may throw an error if there is a communication problem with the given channel. EPICenter Software Installation and User Guide 503 EPICenter External Access Protocol 504 EPICenter Software Installation and User Guide D EPICenter Database Views This appendix describes the most useful views in the EPICenter database for the purpose of creating Tcl scripts for use in Reports or as Alarm actions. The variables in these views can be accessed using the methods defined in the file extr.tcl found in the <install_dir>/tcl/lib/extreme/extr directory, where <install_dir> is the directory where the EPICenter software resides. They can also be used by external applications. Device Report View Table 21: EPICenter Database Device Report View Extreme_Device_Report Extreme_Device_Report is a database view that has one row for each device that is being managed by the EPICenter server. Some of the columns in the view contain Extreme specific information. If a device is not an Extreme device, the Extreme specific columns contain empty values, such as an empty string. Column Name Column Type device_id integer A database unique id identifying a device. as the primary key.) enterprise_oid integer The enterprise id, e.g. 1916 for extreme networks. system_oid string The partial system oid, e.g. “1916.2.7” for Summit 24. device_group_names string The EPICenter device group name(s) of the device group(s) to which this device belongs, e.g. “default, g1.” device_type_name string The type of the device, e.g. “BlackDiamond 6808” ip string The IP address of the device, e.g. “10.205.0.1”. mac string The MAC address of the device, e.g. “00:e0:2b:00:5e:00”. sysName string The sysName of the device. sysDescription string The sysDescription of the device. sysLocation string The sysLocation of the device. EPICenter Software Installation and User Guide Description (This column can be used 505 EPICenter Database Views Column Name Column Type Description sysContact string The sysContact of the device. read_write_community string The read/write SNMP community string. read_only_community string The read-only SNMP community string. cli_login string The CLI/Telnet login name of the device. cli_password string The CLI/Telnet password for the above login. status string The status of the device: “operational”, “marginal”, or “not responding”. boot_time string The boot time of the device in GMT, e.g. “2000-11-13 21:05:28”. hardware_id string The vendor specific hardware id of the device (not all device have a hardware id). reserved string Reserved field, only used by a Cisco device to store Cisco specific information. ip_forwarding string “true” if the device is a router, “false” otherwise. current_software string The software version of the device. The following columns are Extreme specific: primary_image string The primary software image version on the device, e.g. “4.1.9 (2)”. secondary_image string The secondary software image version on the device, e.g. “6.1.5b20”. boot_rom string The version of the device’s boot rom, e.g. “7.2”. image_after_reboot string The image to use after a switch reboot: “primary”, “secondary”, “neither”, or “unknown”. board_number string The hardware board number. other_numbers string Other hardware board numbers. serial_numbers string The serial number of the device. fan_status_string string The status of all fans on the device, e.g. “fan 1 OK; fan 2 OK; fan 3 OK”. selected_configuration string The currently selected configuration on the device: “primary” or “secondary”. power_status_string string The status of the primary power supply of the device: “fan/temperature alarm”, “not present”, “OK”, “failed”, or “unknown”. rps_status string The status of the redundant power supply of the device: “fan/temperature alarm”, “not present”, “OK”, “failed”, or “unknown”. voltage string The voltage of the power supplied to the device: “110 AC”, “220 AC”, “48 DC”, or “unknown”. temperature integer The current operating temperature of the device in centigrade, e.g. 48. default_gateway string The default gateway of the device, e.g. “10.205.0.1”. 506 EPICenter Software Installation and User Guide Interface Report View Interface Report View Table 22: EPICenter Database Interface Report View Extreme_Interface_Report Extreme_Interface_Report is a database view that has one row for each interface that is being managed by the EPICenter server. Some of the columns in the view contain Extreme specific information. For interface that is not on an Extreme device, the Extreme specific columns are empty, such as an empty string. Column Name Column Type device_id integer A database unique id identifying a device. (This column and the ifIndex column below can be used as the primary key.) ifIndex integer The ifIndex of the interface. (This column and the device_id column above can be used as the primary key.) ifType integer The ifType of the interface. ifPhysicalAddress string The ifPhysicalAddress (MAC address) of the interface. ifDescription string The ifDescription of the interface. port_name string The ifAlias of the interface. configured_media string The configured media information of the interface, e.g. “100BaseTX, full duplex”. actual_media string The actual media information of the interface, e.g. “10BaseTX, half duplex”. auto_negotiation string The status of auto negotiation of the interface: “true” or “false”. admin_status string The admin status of the interface: “enabled” or “disabled”. operation_status string The operational status of the interface: “active”, “ready”, or “failed”. Description The following columns are Extreme specific: IP_Address string The IP address of the device, to which this interface belongs to, e.g. “10.205.0.31”. port_number string The Extreme specific representation for the interface, e.g. “1:3” or “12”. redundant_media string Specify which media is active, for interfaces without any redundant media, the value is always “primary”. For interfaces with redundant media, the value can be either “primary or redundant”. algorithm string When the interface is in load-sharing mode, specify the port sharing algorithm: “none”, “port based”, “address based”, “round robin”, or “unknown”. member_port_number string When the interface is in port sharing mode, specify all members of the port sharing group, e.g. “1:1, 2:1, 2:2, 2:3”. unsignedIPInt integer The IP address number of the device, to which the interface belongs. This is the same IP address as in the IP_Address column, except that the address is represented using a unsigned 32-bit integer: e.g. the IP Address “10.205.0.1” is represented as 181207041. edge string Whether the port is classified as an “Edge” or “Uplink” port. EPICenter Software Installation and User Guide 507 EPICenter Database Views Database Event Log View Table 23: EPICenter Database Event Log View Event_Log_View Event_Log_View is a database view that shows the EPICenter alarm event log, but making the data from each column into a human readable format. Column Name Column Type event_log_id integer An unique id for the event log entry. (This column can be used as the primary key.) event_timeticks integer The time when the event happened. This time is shown as milliseconds since 1970-01-01 00:00:00 GMT. event_time string The time when the event happened. This is the same time as the event_timeticks column except that the time is shown as a string. E.g. “2000-10-21 14:20:21 GMT” event_source string The IP (and the ifIndex, if appropriate) of the source, from which the event is generated. E.g. “10.205.0.31”, “10.205.0.31, port 2:1”, or “10.205.0.2, ifIndex 10”. event_type string The type of the event, e.g. “SNMP Trap: Cold Start” event_ip string The IP address of the source, from which the event is generated. E.g. “10.205.0.31” event_generic integer For SNMP trap based event, this is the generic field of the trap. event_specific integer For SNMP trap based event, this is the specific field of the trap. event_enterprise string For SNMP trap based event, this is the enterprise field of the trap. event_varbinds string For SNMP trap based event, this is the varbinds of the trap. unsignedIPInt integer The IP address number of the device, from which the event originates. This is the same IP address as in the event_ip column, except that the address is represented using a unsigned 32-bit integer: e.g. the IP Address “10.205.0.1” is represented as 181207041. event_count integer The number of consecutive traps of the same type and source received for this event. 508 Description EPICenter Software Installation and User Guide Database Alarm Log View Database Alarm Log View Table 24: EPICenter Database Alarm Log View Alarm_Log_View Alarm_Log_View is a database view that shows the EPICenter alarm log, but making the data from each column into a human readable format. Column Name Column Type alarm_time integer The time when the event happened. This time is shown as milliseconds since 1970-01-01 00:00:00 GMT. This time is unique for all alarm logs. (This column can be used as the primary key.) name string The name of the alarm definition, to which this alarm instance belongs. category string The alarm category as defined in the alarm definition. source string The IP (and the ifIndex, if appropriate) of the source, from which the event that triggered the alarm is generated. E.g. “10.205.0.31”, “10.205.0.31, port 2:1”, or “10.205.0.2, ifIndex 10”. severity string The severity of the alarm as defined in the alarm definition. msg string The alarm message as defined in the alarm definition. ack byte A byte value in hexadecimal representation specifying whether the alarm is ack’ed or not, 00 – not ack’ed; 01 – ack’ed. event_log_id integer The event log id of the event that triggers the alarm. unsignedIPInt integer The IP address number of the device, from which the event that triggers the alarm originates. This is the same IP address as in the event_ip column, except that the address is represented using a unsigned 32-bit integer: e.g. the IP Address “10.205.0.1” is represented as 181207041. EPICenter Software Installation and User Guide Description 509 EPICenter Database Views 510 EPICenter Software Installation and User Guide E Event Types for Alarms This appendix describes the events that can be detected through the EPICenter Alarm System: • SNMP traps • RMON Rising and Falling traps • EPICenter events • Syslog messages Unless stated otherwise, events defined below are applicable to all MIB-2 devices managed by the EPICenter server. SNMP Trap Events Table 25: SNMP Trap Events Event Definition Authentication Failed This trap indicates that a SNMP request with an invalid community string is issued to the device. ExtremeWare Version All BGP Backward Transition The BGPBackwardTransition Event is generated when the BGP FSM moves from a higher numbered state to a lower numbered state. 6.1.9 or later BGP Established The BGP Established event is generated when the BGP FSM enters the ESTABLISHED state. 6.1.9 or later BGP Prefix Max Exceeded Extreme Networks proprietary trap. This trap indicates that the number 6.2.2 or later of prefixes received over this peer session has reached the maximum configured limit. BGP Prefix Reached Threshold Extreme Networks proprietary trap. This trap indicates that the number 6.2.2 or later of prefixes received over this peer session has reached the threshold limit. Cold Start This trap indicates that the device is rebooted by power recycling. Extreme switches always send out this trap after a reboot. All CPU Utilization Falling Threshold Extreme Networks proprietary trap. CPU Utilization Falling Trap is generated when the extremeCpuAggregateUtilization falls below 80% of the extremeCpuUtilRisingThreshold. 6.2 or later EPICenter Software Installation and User Guide 511 Event Types for Alarms Table 25: SNMP Trap Events (continued) ExtremeWare Version Event Definition CPU Utilization Rising Threshold Extreme Networks proprietary trap. CPU Utilizations Rising trap is generated when the value of extremeCpuAggregateUtilization touches/crosses extremeCpuUtilRisingThreshold. 6.2 or later Dsx1 Line Status Change Extreme Networks proprietary trap. Indicates that the DS1 line status change for the specified interface has been detected. 6.1.8b66 Dsx1 Loss of Master Clock Extreme Networks proprietary trap. Indicates that the wanDsx1LossOfMasterClock event for the specified interface has been detected. 6.1.8b66 Dsx1 No Loss of Master Clock Extreme Networks proprietary trap. Indicates that the wanDsx1NoLossOfMasterClock event for the specified interface has been detected. 6.1.8b66 Dsx3 Line Status Change Extreme Networks proprietary trap. Indicates that the T3 line status change for the specified interface has been detected. 6.1.8b66 Dsx3 Loss of Master Clock Extreme Networks proprietary trap. Indicates that the wanDsx3LossOfMasterClock event for the specified interface has been detected. 6.1.8b66 Dsx3 No Loss of Master Clock Extreme Networks proprietary trap. Indicates that the wanDsx3NoLossOfMasterClock event for the specified interface has been detected. 6.1.8b66 EDP Neighbor Added Extreme Networks proprietary trap. A new neighbor has been discovered through the Extreme Discovery Protocol (EDP). 6.1 or later EDP Neighbor Removed Extreme Networks proprietary trap. No EDP updates have been received from this neighbor within the configured timeout period, and this neighbor entry has been aged out by the device. 6.1 or later EGPNbrLoss An EGP neighbor for which the device is an EGP peer is down and the peer relationship no longer exists. An Extreme Networks switch never sends out this trap. None ESRP State Change Extreme Networks proprietary trap. This trap indicates that the ESRP state (master or slave) of a VLAN has changed on the device. 6.0 or later Fan Failed Extreme Networks proprietary trap. This trap indicates one or more of the cooling fans inside the device has failed. A fan OK trap will be sent once the fan has attained normal operation. This trap is sent repetitively every 30 seconds until all the fans are back to normal condition. All Fan OK Extreme Networks proprietary trap. This trap indicates that a fan has transitioned out of a failure state and is now operating correctly. All Health Check Failed Extreme Networks proprietary trap. The CPU HealthCheck has failed 6.1.5 or later Invalid Login Extreme Networks proprietary trap. This trap indicates that a user attempted to login to console or by telnet but was refused access due to incorrect user name or password. The trap is issued after three consecutive failure of log in. All Link Down This trap indicates that a port becomes inactive from previous active state. All Link Up This trap indicates that a port becomes active from previous inactive state. All MAC Security Trap Extreme Networks proprietary trap. This trap is generated for a port on which limit-learning has been configured when a new MAC address exceeding the limit is learned on the specified port. 512 EPICenter Software Installation and User Guide SNMP Trap Events Table 25: SNMP Trap Events (continued) ExtremeWare Version Event Definition OSPF Interface Authentication Failure An ospfIfAuthFailure trap signifies that a packet has been received on a non-virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type. 6.1.9 or later OSPF Interface Config Error An ospfIfConfigError trap signifies that a packet has been received on a non-virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters. Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming. 6.1.9 or later OSPF Interface Receive Bad Packet An ospfIfRxBadPacket trap signifies that an OSPF packet has been received on a non-virtual interface that cannot be parsed. 6.1.9 or later OSPF Interface State Change An ospfIfStateChange trap signifies that there has been a change in 6.1.9 or later the state of a non-virtual OSPF interface. This trap should be generated when the interface state regresses (e.g., goes from Dr to Down) or progresses to a terminal state (i.e., Point-to-Point, DR Other, Dr, or Backup). OSPF LSDB Approaching An ospfLsdbApproachingOverflow trap signifies that the number of Overflow LSAs in the router’s link-state database has exceeded ninety percent of ospfExtLsdbLimit. 6.1.9 or later OSPF LSDB Overflow An ospfLsdbOverflow trap signifies that the number of LSAs in the router’s link-state database has exceeded ospfExtLsdbLimit. 6.1.9 or later OSPF Max_Age LSA An ospfMaxAgeLsa trap signifies that one of the LSA in the router’s link-state database has aged to MaxAge. 6.1.9 or later OSPF Neighbor State Change An ospfNbrStateChange trap signifies that there has been a change in 6.1.9 or later the state of a non- virtual OSPF neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., 2-Way or Full). When an neighbor transitions from or to Full on non-broadcast multi-access and broadcast networks, the trap should be generated by the designated router. A designated router transitioned to Down will be noted by ospfIfStateChange. OSPF Originate LSA An ospfOriginateLsa trap signifies that a new LSA has been originated by this router. This trap should not be invoked for simple refreshes of LSAs (which happens every 30 minutes), but instead will only be invoked when an LSA is (re)originated due to a topology change. Additionally, this trap does not include LSAs that are being flushed because they have reached MaxAge. 6.1.9 or later OSPF TX_Retransmit An ospfTxRetransmit trap signifies than an OSPF packet has been retransmitted on a non- virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The LS type, LS ID, and Router ID are used to identify the LSDB entry. 6.1.9 or later OSPF Virtual Interface Authentication Failure An ospfVirtIfAuthFailure trap signifies that a packet has been received on a virtual interface from a router whose authentication key or authentication type conflicts with this router’s authentication key or authentication type. 6.1.9 or later OSPF Virtual Interface Config Error An ospfVirtIfConfigError trap signifies that a packet has been received on a virtual interface from a router whose configuration parameters conflict with this router’s configuration parameters. Note that the event optionMismatch should cause a trap only if it prevents an adjacency from forming. 6.1.9 or later OSPF Virtual Interface Receive Bad Packet An ospfVirtIfRxBadPacket trap signifies that an OSPF packet has been received on a virtual interface that cannot be parsed. 6.1.9 or later EPICenter Software Installation and User Guide 513 Event Types for Alarms Table 25: SNMP Trap Events (continued) ExtremeWare Version Event Definition OSPF Virtual Interface State Change An ospfVirtIfStateChange trap signifies that there has been a change in the state of an OSPF virtual interface. This trap should be generated when the interface state regresses (e.g., goes from Point- to-Point to Down) or progresses to a terminal state (i.e., Point-to-Point). 6.1.9 or later OSPF Virtual Interface TX An ospfVirtIfTxRetransmit trap signifies than an OSPF packet has Retransmit been retransmitted on a virtual interface. All packets that may be retransmitted are associated with an LSDB entry. The LS type, LS ID, and Router ID are used to identify the LSDB entry. 6.1.9 or later OSPF Virtual Neighbor State Change An ospfVirtNbrStateChange trap signifies that there has been a 6.1.9 or later change in the state of an OSPF virtual neighbor. This trap should be generated when the neighbor state regresses (e.g., goes from Attempt or Full to 1-Way or Down) or progresses to a terminal state (e.g., Full). Overheat Extreme Networks proprietary trap. This trap indicates that the on board temperature sensor has reported an overheat condition. This indicates the temperature has reached the Overheat threshold. The switch will continue to function until it reaches its shutdown threshold. The system will then shutdown until the unit has sufficiently cooled such that operation may begin again. A cold start trap will be issued when the unit has come back on line. This trap is sent repetitively every 30 seconds until the temperature goes back to normal. All Ping Probe Failed Generated when a probe failure is detected when the corresponding pingCtlTrapGeneration object is set to probeFailure(0) subject to the value of pingCtlTrapProbeFailureFilter. The object pingCtlTrapProbeFailureFilter can be used to specify the number of successive probe failures that are required before this notification can be generated. 6.1.9 or later Ping Test Completed Generated at the completion of a ping test when the corresponding pingCtlTrapGeneration object is set to testCompletion(4). 6.1.9 or later Ping Test Failed Generated when a ping test is determined to have failed when the 6.1.9 or later corresponding pingCtlTrapGeneration object is set to testFailure(1). In this instance pingCtlTrapTestFailureFilter should specify the number of probes in a test required to have failed in order to consider the test as failed. Power Supply Failed Extreme Networks proprietary trap. This trap indicates that one or more sources of power have failed. Presumably a redundant power-supply has taken over. This trap is sent repetitively every 30 seconds until all the power supplies are back to normal condition. All Power Supply OK Extreme Networks proprietary trap. This trap indicates that one or more previously bad sources of power have come back to life without causing the device to restart. All Processor State Change Extreme Networks proprietary trap. This trap indicated a failed processor on an NP module is detected. Redundant Power Supply Failed Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is indicating an alarm condition. This trap is sent repetitively every 30 seconds until the redundant power supply is back to normal condition. All Redundant Power Supply OK Extreme Networks proprietary trap. This trap indicates that the attached redundant power supply device is no longer indicating an alarm condition. All 514 EPICenter Software Installation and User Guide RMON Rising Trap Events Table 25: SNMP Trap Events (continued) ExtremeWare Version Event Definition SLB Unit Added Extreme Networks proprietary trap. This trap indicates that the server load balancer has activated a group of virtual servers that it normally would not activate. This may be due to the failure of another server load balancer. 6.1 or later SLB Unit Removed Extreme Networks proprietary trap. This trap indicates that the server load balancer has deactivated a group of virtual servers that it normally has active. This indicates that something is wrong in the server load balancer; for example, its ping check may be failing. 6.1 or later STP New Root Extreme Networks proprietary trap. This trap indicates that the sending agent has become the new root of the Spanning Tree; the trap is sent by a bridge soon after its election as the new root, e.g., upon expiration of the Topology Change Timer immediately subsequent to its election. 6.2.2 or later STP Topology Change Extreme Networks proprietary trap. A topologyChange trap is sent by a bridge when any of its configured ports transitions from the Learning state to the Forwarding state, or from the Forwarding state to the Blocking state. The trap is not sent if a newRoot trap is sent for the same transition. 6.2.2 or later Slot Change Extreme Networks proprietary trap. This trap indicates that the value of the extremeSlotModuleState for the specified extremeSlotNumber has changed. All Smarttrap Extreme Networks proprietary trap. This trap indicates that the value of one of the object identifiers (or the value of an object below that in the MIB tree) defined in the extremeSmartTrapRulesTable has changed, and hence a new entry has been created in the extremeSmartTrapInstanceTable. Such a trap is sent at most once every thirty seconds if one or more entry was created in the last thirty seconds. All Warm Start Trap indicates that the device has been rebooted without power recycling. An Extreme Networks switch never sends out this trap. None RMON Rising Trap Events This trap indicates that the value of the MIB variable being monitored has risen to or above the rising threshold value. RMON rules need to be configured on a device for it to send out this trap. See “Threshold Configuration” in Chapter 5 for more information. RMON Falling Trap Events This trap indicates that the value of the MIB variable being monitored has fallen to or below the falling threshold value. RMON rules need to be configured on a device for it to send out this trap. See “Threshold Configuration” in Chapter 5 for more information. EPICenter Software Installation and User Guide 515 Event Types for Alarms EPICenter Events An EPICenter event is generated by the EPICenter server based on the results of its periodic polling. In some cases, an EPICenter event may result from the same condition that could generate an SNMP or other trap. An EPICenter event has the advantage that it guarantees that the condition will be detected (by polling) even if the corresponding trap is missed. Table 26: EPICenter Events, Detected Through Polling Event Definition Configuration Upload Failed The EPICenter server generates this event when it fails to upload configuration information from a device. This event occurs ONLY when the upload is attempted from EPICenter, not if it was attempted from Telnet, ExtremeWare Vista or any other method. Configuration Upload OK The EPICenter server generates this event when it successfully uploads configuration from a device. This event occurs ONLY when the upload is done from EPICenter, not from Telnet, ExtremeWare Vista or any other method. Device Policy Configuration The EPICenter server generates this event when it encounters a problem configuring policies on a device using ACL and QoS. Device Reboot The EPICenter server generates this event for a device when it detects a device reboot (cold start or warm start). Unlike the cold start or warm start SNMP trap, EPICenter generates this event by polling the device. Device Warning from EPICenter For Extreme Networks devices only. The EPICenter server generates this event in one of two situations: • If the server detects and infinite loop while walking the device’s SNMP MIB (may occur with ExtremeWare 4.1.19b2) • If the device has a bad serial number reported through SNMP (may occur with ExtremeWare 6.2.1 on the BlackDiamond 6816). Fan Failed For Extreme Networks devices only. The EPICenter server generates this event for an Extreme device when it detects, via polling, a transition from fan OK to fan failed condition on the device. Unlike the SNMP Fan Failed trap event, this event is generated only once, based on a state transition. As an alternative, you can detect a Fan Failed condition by using the SNMP Fan Failed trap, which will be generated every 30 seconds until the condition is corrected. Overheat For Extreme Networks devices only. The EPICenter server generates this event for an Extreme device when it detects a transition from normal temperature to overheat condition on the device. Unlike the SNMP overheat trap event, this event is based on a state transition, and will be generated only once. As an alternative, you can detect an Overheat condition by using the SNMP Overheat trap, which will be generated every 30 seconds until the condition is corrected. Power Supply Failed For Extreme Networks devices only. The EPICenter server generates this event if the device reports a power supply failure. SNMP Unreachable The EPICenter server generates this event when it fails to communicate with a device following a previously successful communication. In other words, this event is generated when the state of communication with the device transitions from reachable to unreachable. SNMP Reachable The EPICenter server generates this event when the state of communication with the device transitions from unreachable to reachable. Syslog Flood The EPICenter server generates this event if the server receives syslog messages at a rate that exceeds the user-defined limit set in the Administration applet via the Scalability Properties. See “Server Properties Administration” on page 363 in Chapter 16, , for more information. 516 EPICenter Software Installation and User Guide F EPICenter Backup This appendix describes the following: • The EPICenter Alarm Log and Event Log backup files • The DBVALID command-line database validation utility • The DBBACKUP command-line database backup utility EPICenter Log Backups Both the EPICenter Event Log and Alarm Log files are kept in tables in the EPICenter database. These tables can contain approximately 50,000 and 10,000 entries, respectively. When the EPICenter server starts, it checks once every 24 hours to determine if either of these logs has reached its maximum size. When one reaches its maximum, EPICenter moves the oldest 10% of the entries to a backup file, and clears those entries from the table. For Windows, the backup files are created in the directory <install_dir>/user, where <install_dir> is the root directory of the EPICenter install, by default c:\Program Files\Extreme Networks\EPICenter 4.1. For Solaris, the backup files are created in the directory /opt/extreme/epc4_1/user, where /opt/extreme/epc4_1 is the <install_dir>. • The Alarm Log is backed up to the file Alarm_Log.txt • The Event Log is backed up to the file Event_Log.txt Each primary backup file is in turn backed up to a secondary file when it reaches its maximum size of approximately 30MB for Event_Log.txt and 6MB for Alarm_Log.txt. • Alarm_Log.txt is backed up to the file Alarm_Log.old • Event_Log.txt is backed up to the file Event_Log.old The primary file is then emptied. When the primary file becomes full for the second time, the secondary backup file will be overwritten with the new contents of the primary backup file. If you want to maintain a complete set of log file backups over time, you should save the *_Log.txt and *_Log.old files periodically. EPICenter Software Installation and User Guide 517 EPICenter Backup Database Utilities Sybase database validation and backup utilities are shipped with the EPICenter software. The Validation utility validates all indexes and keys on some or all of the tables in the database. The Validation utility scans the entire table and looks up each record in every index and key defined on the table. This utility can be used in combination with regular backups to give you confidence in the security of the data in your database. The Backup utility makes a backup copy of all data in the database, except for user names and passwords, which are kept in separate files. Backing up your database regularly will ensure that you will not need to re-enter or recreate all the switch, VLAN, Topology, and Alarm information in the event that the database is corrupted or destroyed. Both database utilities are found in the <install_dir>\database directory. < install_dir> is the directory where you installed the EPICenter software. Substitute the name of the actual directory for <install_dir> when you run these commands. NOTE In the Solaris environment, you must ensure that the EPICenter database path is set in the LD_LIBRARY_PATH environment variable. This should be set to <install_dir>/database where <install_dir> is the root directory of the EPICenter install, for example /opt/extreme/epc4_1. The Validation Utility The Validation utility validates all indexes and keys on some or all of the tables in the database. Access the Validation utility from the MS DOS or Solaris command line using the dbvalid command. This convention also allows incorporation into batch or command files. Using the DBVALID Command-line Utility To validate the EPICenter database running under Windows, use the command: <install_dir>\database\dbvalid -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” Under Solaris, use the command: <install_dir>/database/dbvalid -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>/basecamp.db” This example assumes a database user ID of dba, with password sql. These are the defaults used when the database server is installed through the EPICenter installation process. If you have changed your database user ID and password, substitute your actual user ID and password in the command. <install_dir> is the directory where the EPICenter software is installed. Substitute the actual directory name in the command. This operation should report no errors. If there are errors, the system should be stopped and a backup database copied into place. See “Installing a Backup Database” on page 520. If there are no backups, the EPICenter software must be re-installed. 518 EPICenter Software Installation and User Guide The Backup Utility Syntax: dbvalid [switches] Table 27: dbvalid Command Switches Switch Description -c “keyword=value; ...” Supply database connection parameters Database Connection Parameters These are the parameters for the -c command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set. Table 28: Database Connection Parameters for dbvalid Utility uid=<user name> The user name used to login to the database. Default is dba. The user ID must have DBA authority. pwd=<password> The password used to login to the database. Default is sql. dbf=<database_file> The name of the file that stores the data. This is the file to be validated. eng=EPIC41 The name of the database engine. This value must be EPIC41 for EPICenter 4.1. The connection parameters are separated by semicolons, and the entire set must be quoted. For example, under Windows, the following validates the EPICenter, connecting as user ID dba with password sql: <install_dir>\database\dbvalid -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” The Backup Utility The Backup utility makes a backup copy of all data in the database, except for user names and passwords. Access the Backup utility from the MS DOS or Solaris command line using the dbbackup command. This convention also allows incorporation into batch or command files. The DBBACKUP Command-line Utility To back up the EPICenter database running under Windows, use the command: <install_dir>\database\dbbackup -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” <backup_dir> Under Solaris, use the command: <install_dir>/database/dbbackup -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>/basecamp.db” <backup_dir> This example assumes a database user ID of dba, with password sql. These are the defaults used when the database server is installed through the EPICenter installation process. If you have changed your database user ID and password, substitute your actual user ID and password in the command. EPICenter Software Installation and User Guide 519 EPICenter Backup <install_dir> is the directory where the EPICenter software is installed. Substitute the actual directory name in the command. <backup_dir> is the directory where the backup copy of the database should be stored. Substitute an actual directory name in the command. This command generates a backup of the database in the specified backup directory. The backup consists of two files, basecamp.db and basecamp.log. All database files are backed up. These files should be saved so they can be used to replace the original files in the event of a problem. NOTE Do not stop the EPICenter server to perform daily backups of the database. This action is not necessary and will prevent the alarm and event logs from truncating. Syntax: dbbackup [switches] directory Table 29: dbbackup Command Switches Switch Description -c “keyword=value; ...” Supply database connection parameters -y Replace files without confirmation Database Connection Parameters These are the parameters for the -c command-line switch. If the connection parameters are not specified, connection parameters from the SQLCONNECT environment variable are used, if set. Table 30: Database Connection Parameters for dbbackup Utility uid=<user name> The user name used to login to the database. Default is dba. The user ID must have DBA authority. pwd=<password> The password used to login to the database. Default is sql. dbf=<database_file> The name of the file that stores the data. This is the file to be backed up. eng=EPIC41 The name of the database engine. This value must be EPIC41 for EPICenter 4.1. The connection parameters are separated by semicolons, and the entire set must be quoted. For example, under Windows, the following backs up the EPICenter database basecamp.db, connecting as user ID dba with password sql: <install_dir>\database\dbbackup -c “uid=dba;pwd=sql;eng=EPIC41;dbf=<install_dir>\basecamp.db” c:\tmp Installing a Backup Database The backup database is named basecamp.db, and is kept in the directory you specified when you ran the dbbackup command (c:\tmp in the example). 520 EPICenter Software Installation and User Guide The Backup Utility To replace a damaged database with the backup copy, follow these steps: 1 Shut down the EPICenter software following the instructions for your operating system in the EPICenter Software Installation and User Guide. 2 Move or delete the old copy of basecamp.db and basecamp.log found in the EPICenter installation directory. 3 Copy the backup copy of basecamp.db and basecamp.log to the EPICenter installation directory. 4 Restart the EPICenter software following the instructions in the EPICenter Software Installation and User Guide for your operating system environment. EPICenter Software Installation and User Guide 521 EPICenter Backup 522 EPICenter Software Installation and User Guide G Dynamic Link Context System (DLCS) This appendix describes: • How the EPICenter policy system uses the Dynamic Link Context System (DLCS) to map logical end stations (users, hosts) to physical attributes • How to enable DLCS on Extreme switches running ExtremeWare 5.0 or later • Limitations of DLCS as implemented in ExtremeWare 5.0 Overview of DLCS DLCS is a feature that snoops Windows Internet Naming Service (WINS) NetBIOS packets and creates a mapping between a user name, the IP address of the host, and the switch and port. Based on the information in the packet, DLCS can detect when a host boots up or shuts down, or a user logs in or logs out. When a host boots up, DLCS associates its name and IP address to a port on a switch. Similarly, when a user logs in, DLCS associates the user with a host, and thus a switch port. Such learned information is discarded when the user logs out, or when the host is shut down. This information is used by the EPICenter software in setting policies that can be applied to users. These policies can dynamically follow a user's location if auto configuration of policies is enabled. For DLCS to operate within ExtremeWare, the user or host must allow automatic DLCS updates. This feature should only be used in conjunction with the EPICenter Policy Manager. EPICenter uses DLCS information to create a policy object for a user or host that is mapped to the appropriate physical attributes (IP address, switch, and port). Using DLCS with the Policy Manager For DLCS to operate within the EPICenter policy system, two conditions must be met: • DLCS must be enabled on the switch. • In the Policy Manager client, the user or host must be set to allow automatic DLCS updates. If both of these conditions are true, the policy system will expect to get current physical attributes for the user or host dynamically through DLCS. If auto configuration is enabled in the Policy Manager client, then dynamic data learned through DLCS will also update the configured policies. EPICenter Software Installation and User Guide 523 Dynamic Link Context System (DLCS) DLCS Properties The following guidelines must be used when using DLCS: • Only one user can be attached to a host at a given time. This is always the last user that logged in. • A user may be logged into many hosts simultaneously. • An IP address can be learned on only one port in the network at a given time. • Multiple IP addresses can be learned on the same port. • DLCS mapping is flushed when a user logs in or logs out or when a host is shut down. Enabling DLCS on an Extreme Switch DLCS must be enabled on the switch for Enterprise Manager to make use of the capability. It cannot be enabled directly from the Enterprise Manager; it must be enabled using the ExtremeWare CLI through Telnet. Thus, DLCS is not an option under the ExtremeView Configuration features. However, you can use the ExtremeView Telnet feature to access the switch and enable DLCS. To enable DLCS on a switch, follow these steps: 1 Click the ExtremeView icon in the EPICenter Navigation Toolbar. 2 Select Telnet in the component tree, then select the switch you want to configure. 3 Use the enable dlcs command to enable DLCS snooping of packets on the switch. 4 Enable the ports on which you want to snoop. You can enable individual ports, or all ports on the switch. enable dlcs fast-ethernet-ports | ports <port-number> | all DLCS should be enabled on all edge ports (ports that are directly connected to workstations, servers, and unintelligent hubs). DLCS should not be enabled on trunk or uplink ports. 5 To see which ports are snooping WINS packets, and what data has been learned: show dlcs 6 To clear all DLCS data that has been learned: clear dlcs 7 Type quit to exit the Telnet session. DLCS Limitations Certain limitations in the ExtremeWare 5.0 implementation of DLCS should be considered with regard to the data received from WINS snooping: • DLCS will not work for the WINS server itself, because the WINS server will not send NetBIOS packets on the network (these packets are address to itself). This means that the host name of the WINS server, and any users on the WINS server, cannot be learned by DLCS. • When the IP address of a host is changed, and the host is not immediately rebooted, the old host to IP address mapping will never be deleted. You must delete the mapping of the host to IP address through the EPICenter Policy Manager client. 524 EPICenter Software Installation and User Guide DLCS Limitations • When a host is moved from one port to another port on a switch, the old entry will not age out, unless the host is rebooted or a user login operation is performed after the host is moved. • DLCS information is dynamic. Therefore, if the switch is rebooted, the DLCS information is lost. However, this information is still stored in the EPICenter database. To delete the information from the policy system, you must explicitly delete the configuration parameters using the EPICenter Policy Manager client. Alternatively, you can delete the rebooted switch from the EPICenter database using the Delete Device function in the Inventory Manager. Then re-add the switch using the Inventory Manager Add Device function. • DLCS is not currently supported on hosts with multiple NIC cards. ISQ Improvements ExtremeWare versions 6.1 or later do not require any Intra-Subnet QoS (ISQ) settings for DLCS. However, a VLAN must have an IP address in order for DLCS to function on ports on that VLAN. For ExtremeWare 5.x, ISQ has been improved to also allow the application of IP QoS for traffic on a Layer 2 switch that is destined outside the served subnet. If your switch is running in L2 mode, and you want to snoop Layer 4 (NetBIOS) packets, you can do so using ISQ. To configure this capability, you will need the MAC address of the next-hop router (or the MAC address of the WINS server, if the server is on the same subnet) and a list of the IP addresses of the WINS servers. The IP packets to this MAC address and the specified IP addresses are then snooped. After DLCS has been enabled, the following commands should be used for this configuration: • Create a list of WINS servers whose packets should be snooped: create isq-server <name> • Add the WINS server IP addresses to this list: config isq-server <name> add ipaddress <WINS-server-ipaddress1> config isq-server <name> add ipaddress <WINS-server-ipaddress2> ••• • Configure the MAC address of the next hop router: config isq-server <name> add mac <mac-address-of-next-hop> vlan <vlan-name> EPICenter Software Installation and User Guide 525 Dynamic Link Context System (DLCS) 526 EPICenter Software Installation and User Guide H EPICenter Policy System Feature Comparison This appendix describes: • A summary of the features available through the ExtremeWare Command Line Interface (CLI) that are supported by the EPICenter Policy Manager • A summary of the policy features available in Cisco IOS 11.2 that are supported by the EPICenter Policy Manager • A discussion of Policy Manager issues and limitations related to support of policies on Extreme Networks devices and Cisco devices ExtremeWare 6.2 Features Supported EW 6.2.x Features Supported in EPICenter Notes Access-List Source ip/subnet/wildcard Yes Destination ip/subnet/wildcard Yes Source L4 port/range/wildcard Yes Destination L4 port/range/wildcard Yes Protocol IP, UDP, TCP Yes Protocol ICMP Partial Can display ICMP access-list created via CLI. Does not configure any access-list using ICMP protocol. Ingress port list Partial Can display access-list with ingress port list. Does not configure any access-list using ingress port list. Deny, Permit, Permit-Established actions Yes* “Deny” is displayed as “blackhole” QoS profile. Precedence Yes† EPICenter Software Installation and User Guide “Permit-Established” can be used in policy as protocol “Deny TCP Sync” and “blackhole” QoS profile. Automatically generated by the policy server. Precedence starting point can be controlled. 527 EPICenter Policy System Feature Comparison EW 6.2.x Features Supported in EPICenter Notes Rules without precedence No All rules must have precedence. ACL name Yes Supports QP1-QP8 Yes * This feature is supported, but the implementation in EPICenter may differ in some respects from its implementation in ExtremeWare. † See the ExtremeWare Software User Guide for information on how the device treats rules without precedence numbers. Source Port QoS Supports QP1-QP8 Yes Supports “blackhole” Yes Source port blackhole is implemented by disabling the source port. VLAN QoS Supports QP1-QP8 Yes QoS Profile Min/Max bandwidth Yes Priority Yes Min/Max Buffer No Per-Port Profile Yes ExtremeWare 6.0.x and 6.1.x Features Supported Supported in EPICenter Notes Source ip/subnet/wildcard Partial Only IP and “ANY” wildcard are supported. Destination ip/subnet/wildcard Yes Source L4 port/range/wildcard Yes Destination L4 port/range/wildcard Yes Protocol IP, UDP, TCP Yes Protocol ICMP Partial EW 6.0.x-EW6.1.x Features Access-List 528 Can display ICMP access-list created via CLI. Does not configure any access-list using ICMP protocol. EPICenter Software Installation and User Guide ExtremeWare 5.x Features Ingress port list Partial Can display access-list with ingress port list. Does not configure any access-list using ingress port list. Deny, Permit, Permit-Established actions Partial “Deny” is displayed as “blackhole” QoS profile. Precedence No EPICenter cannot display any rules with precedence number. Rules without precedence Yes* EPICenter cannot set rules with precedence number. All EPICenter access-list rules appear with a precedence number of 0. It is up to the device to determine how to deal with overlaps between the policy rules. Acl name No EPICenter cannot set or display the access-list name. Access list rules created by EPICenter created appear in the CLI with names ‘mgmt1’, ‘mgmt2’, and so on. When displaying an access-list in the ACL viewer, the name column is empty. Supports QP1-QP8 Yes “Permit-Established” is not supported. * See the ExtremeWare Software User Guide for information on how the device treats rules without precedence numbers. Source Port QoS Supports QP1-QP8 Yes Supports “blackhole” Yes Source port blackhole is implemented as disabling the source port. VLAN QoS Supports QP1-QP8 Yes QoS Profile Min/Max bandwidth Yes Priority Yes Min/Max Buffer No Per-port profile No ExtremeWare 5.x Features EW 5.x Features Supported in EPICenter Notes IP QoS Source ip/wildcard Yes Destination ip/subnet/wildcard Yes EPICenter Software Installation and User Guide 529 EPICenter Policy System Feature Comparison Source L4 port/wildcard Yes Destination L4 port/wildcard Yes Protocol IP, UDP, TCP, Other Partial Deny Yes Supports QP1-QP4 Yes Other protocol is not supported. Source Port QoS Supports QP1-QP4 Yes Supports “blackhole” Yes Source port blackhole is implemented as disabling the source port. VLAN QoS Supports QP1-QP4 Yes QoS Profile Min/Max bandwidth Yes Priority Yes Only four priorities are available. ExtremeWare 4.x Features EW 4.x Features Supported in EPICenter IP QoS No Source Port QoS No Notes VLAN QoS Supports QP1-QP4 Yes QoS Profile Min/Max bandwidth Yes Priority Yes 530 Only four priorities are available. EPICenter Software Installation and User Guide Cisco Internetworking Operating System (IOS) 11.2 Features Cisco Internetworking Operating System (IOS) 11.2 Features Supported in EPICenter Notes IP Access Group Yes Supported using QoS profile “blackhole” Priority Queuing Yes Supported using QoS profile priority field. Only supports four priorities rather than eight as in Extreme. Custom Queuing Yes Supported using QoS profile minimum bandwidth. Minimum bandwidth setting is simulated. Extended IP Access-List Yes EPICenter can use access-list 100 through 199. Cisco IOS 11.2+ Features IP QoS EPICenter Policy Issues and Limitations • The EPICenter policy server does not issue rules with duplicated traffic description. If the user creates a rule through the ExtremeWare CLI that contains the same traffic description as an EPICenter policy rule, the EPICenter policy rule is not configured to that device until the user removes the manually created rule. • If the user deletes an EPICenter policy rule through the ExtremeWare CLI, the rule is added back by the policy server during the next EPICenter policy configuration. • The EPICenter policy server can only detect rules that contain “duplicated” traffic descriptions (traffic flows). When duplicates occur, only one of the duplicated rules will be used. The rule to be used is based on the precedence of the policies. • The policy server does not detect IP rules that “overlap” in the general case. Two rules may overlap when their traffic classifications describe the same set of traffic even if the traffic descriptions are not identical. The user must decide which rule to use when a general “overlap” occurs by setting the policy precedence appropriately. When a packet matches multiple overlapping rules, the rule for the policy with the highest precedence is used. • EPICenter policy precedence is implemented by assigning precedence numbers to IP access-lists that are configured to the devices. These precedence numbers may be different on different devices depending on how many policies are active on a given device. The actual IP access-list precedence number is not as important because it is the relative ordering between the precedence numbers from the access-list that matters. • For ExtremeWare 5.x-6.1.x, the EPICenter policy server does not attempt to enforce the IP policy precedence because the policy server cannot set precedence numbers via SNMP. On these versions of ExtremeWare, the rule precedence is controlled by the device, based on “most specific match wins.” It is highly recommended that users upgrade to ExtremeWare 6.2 to take full advantages of the EPICenter policy server features. • A “Deny” ACL rule is displayed as an ACL using the “blackhole” QoS profile. • The EPICenter Policy server does not modify IP and source port rules created via the CLI. EPICenter Software Installation and User Guide 531 EPICenter Policy System Feature Comparison • An IP or source port rule created by the EPICenter policy server is identified by its owner string “EPICenter.” • Any access-list using TCP Permit-Established is displayed in the EPICenter policy server as protocol “Deny TCP Sync” and QoS profile “blackhole.” • VLAN policy does not support the “blackhole” QoS profile. • There is no owner string for VLAN QoS. As a result, the EPICenter policy server can modify VLAN QoS that was created via the ExtremeWare CLI. • A VLAN must have a QoS profile. As a result, when a VLAN policy is deleted, the VLAN QoS settings for the VLANs affected by that policy are not deleted. If the user wants these VLANs to revert back to some default QoS setting when the policy is removed, it is recommended that the user creates a separate “default VLAN” policy that assigns the desired QoS setting to these VLANs. • For a Cisco device, the EPICenter policy server enforces policy precedence by using a combination of “deny” and “permit” traffic specification. No explicit precedence number is used. However, inside the policy ACL viewer, an equivalent precedence number is displayed for Cisco devices. It is the relative ordering between the rules that is important, not the precedence number itself. • If Cisco device is synchronized, its equivalent precedence number is lost until the next policy configuration. This can happen in the following cases: — The user removes the Cisco device from the EPICenter inventory, then adds it back to the EPICenter database. — The user uses the “Sync” button to explicitly synchronize the device. • Policy components (resources) inherit different properties when used as traffic endpoints than when they are used in a scope definition: — As an endpoint, a user resource inherits any physical port and IP information from all host resources that the user resource is related to. In the EPICenter policy server, this is treated as “user using host(s).” However, a host resource does not inherit from any user resources. — As an endpoint, a group resource inherits any physical port, VLAN, and IP information from all resources that are contained within the group, and all their descendents. — As an endpoint, a non-group resource does not inherit any physical port, VLAN, and IP information from any groups of which it is a descendant (i.e. from any parent groups). — As a scope, a group resource encompasses all descendent resources of the group. Defining a policy on a group is equivalent to defining the policy on all descendents of that group. 532 EPICenter Software Installation and User Guide Index Numerics 1d mode, STP 802.1Q tag 802.1x 341 321, 331 119 A About EPICenter page Access Domain of a policy access levels Access List Access List display access list policies viewing Access List summary view Ack button ACL Viewer Actions tab activation key Active Ports (ESRP) Add All button in Add Relationship to Group in Add Resources Add Attribute to Resource button Add button in Add Attribute to Resource in Add Relationship to Group in Add Resource in Alarm Category in Alarm Definition in Discovery in Grouping Manager in Grouping Manager search in Inventory Manager in IP/MAC Address Finder in Threshold Configuration in VLAN Manager Add Links to VLAN menu selection Add/Modify Condition button adding alarm category alarm definition CPU Utilization rule devices map background images nodes to a map protocol filters EPICenter Software Installation and User Guide 79 30 26, 355 30 439 33 437 437 124 409, 437 134 50, 53, 59 354 218 215 212 220 218 215 138 130 97 214, 217 223 90, 100 237 142 330 315 125, 128 138 130 142 100 313 297 339 relationships to resource resource as child RMON rule user accounts VLANs address range in Discovery in IP/MAC Address Finder Admin button Admin port Administration page Administrator adding users changing password default password deleting a user account distributed server configuration ExtremeWare access modifying users server properties configuration Administrator access EPICenter ExtremeWare alarm actions E-mail execute script forward trap run program short email sound alert Alarm Browser from Configuration Manager from ExtremeView applet from Inventory Manager from Real-Time Statistics applet from STP Monitor from Telnet applet from topology map from VLAN Manager Alarm button Alarm Definition tab alarm events Extreme proprietary traps from EPICenter RMON falling threshold RMON rising threshold 216 213 142 358 330 95 237 81 54, 59 357 358 358 357 360 371 356 358 363 26, 356 356 134 135 136 135 135 135 134 122 161 257 93 279 348 200 318 328 80, 122 129 121 121, 131 131 131 533 Index SNMP traps Syslog messages Alarm Log Browser Alarm Log Detail View Alarm Log history Alarm Log report Alarm System AlarmMgr utility alarms acknowledging actions Basic parameters categories configuring EPICenter as Syslog receiver CPU utilization rule display CPU utilization threshold configuration creating a filter Default category defining defining scope definition examples deleting detail view E-mail alarm action EPICenter event type Event Type definition execute script action falling threshold configuration falling threshold for CPU utilization rules falling threshold, predefined RMON rules filtering forward trap action history Port Utilization rule predefined predefined RMON event configuration rising threshold configuration rising threshold for CPU utilization rules rising threshold, predefined RMON rules RMON event types RMON rule definition RMON rule display RMON threshold configuration run program action scope setting up e-mail short email alarm action sound alert action startup condition for CPU utilization startup condition for RMON alarms startup condition for threshold alarms Sync in Threshold Configuration Syslog messages Temperature threshold rule threshold rule target configuration Topology Change rule unacknowledging variables writing Tcl scripts for alarm actions All Device Groups page All ESRPs view application as policy component Apply button architecture of EPICenter software 534 121, 131 131 123 126 154 386 23 27, 479 125, 141, 121, 141, 142, 124 134 130 138 153 141 140 127 138 129 133 136 124 126 135 131 131 136 144 146 148 126 135 154 148 129 148 144 146 148 131 143 141 140 135 132 136 135 134 146 144 141 151 131 148 149 148 124 132 155 89 352 39 86 28 Archive button (Configuration Manager) archiving configuration settings Attribute Name field Attribute Type field attributes of resources DLCS ID type generic type IP/subnet type Netlogin ID type Attributes tab Auto button auto configuration Auto populate view placement algorithm 165, 167 165 221 221 207, 210 219, 221 212, 219, 221 212, 219, 221 212 220 410, 433 43, 433 293, 305 294 B background image in Topology background map image Basic alarm parameters browser requirements for reports requirements for use as client buttons Ack Add (Add Attribute) Add (Add Resources) Add (Alarm Category) Add (Alarm Definition) Add (Discovery) Add (Grouping Manager search) Add (Grouping Manager) Add (Inventory Manager) Add (IP/MAC Address Finder) Add (Relationship to Group) Add (Threshold Configuration) Add (VLAN Manager) Add All (Add Resources) Add All (Relationship to Group) Add Attribute to Resource Add/Modify Condition Admin Alarm Apply Archive (Configuration Manager) Auto By Switch By VLAN Cfg All Cisco Policy Setup Clone (IP/MAC Address Finder) Close Config Config (Configuration Manager) Connect Device Create new device Create new map Cut nodes from map Default (Inventory Manager) Delete Delete (Alarm Category) Delete (Alarm Definition) Delete (Alarm System) Delete (Inventory Manager) Delete (IP/MAC Address Finder) 312 312 130 214, 90, 125, 80, 165, 410, 410, 235, 81, 410, 410, 90, 235, 49 49 85 124 220 215 138 130 97 223 217 100 237 218 142 330 215 218 212 128 81 122 86 167 433 323 323 434 451 240 86 434 157 336 297 296 302 90 429 139 138 124 110 240 EPICenter Software Installation and User Guide Index Delete (Threshold Configuration) Delete (VLAN Manager) Delete alarms with specified conditions Destroy Detail Discover (Device Discovery dialog) Discover (Inventory Manager) Download (Configuration Manager) ESRP EView Export (IP/MAC Address Finder) Export Local (IP/MAC Address Finder) Export Local (IP/MAC Finder) Filter Find (Grouping Manager) Find (IP/MAC Address Finder) Find (Telnet) Find (Topology) Find IP/MAC Groups Help Home Import Increment (Configuration Manager) Inventory Layout Logoff Mark Modify (Alarm Category) Modify (Alarm Definition) Modify (in VLAN Manager) Modify (Inventory Manager) Modify (Threshold Configuration) New New (Discovery) New (Grouping Manager) Order Paste nodes into map Play (Telnet) Policies Policy Print Map Profile Protocol Filters Query Remove (Add Attribute) Remove (Add Resources) Remove (Discovery) Remove (Grouping Manager) Remove (IP/MAC Address Finder) Remove (Relationship from Group) Remove All (Add Resources) Remove All (IP/MAC Address Finder) Remove All (Relationships from Group) Remove Attribute from Resource button Remove Condition(s) Repeat Reports ReRun (IP/MAC Address Finder) Reset Reset (Grouping Manager search) RT Stats Save 216, 218, 219, ServiceWatch EPICenter Software Installation and User Guide 210, 81, 86, 221, 151 333 124 210, 213 126 96 90 168 81, 351 81, 243 235, 240 240 235 127 215, 221 236 201 311 81, 233 81, 207 410 80, 374 210, 226 169 80, 89 305 81 315 139 138 335 90, 105 150 410, 416 96 210 410, 430 302 194 411 409, 437 310 410, 431 339 224 221 215 96 216, 219 237 218 215 237 218 212 125, 128 194 81 235, 240 410, 429 224 81, 269 410, 429 81 Settings... (Alarm Definition) Stop (Telnet) STP Submit (IP/MAC Address Finder) Sync (Inventory Manager) Sync (Threshold Configuration) Telnet TFTP (Configuration Manager) Topology Unack Upgrade (Configuration Manager) Upload (Configuration Manager) Variables... (Alarm Definition) Versions (Configuration Manager) VLAN VLANs (Topology) WildCard (IP/MAC Address Finder) Zoom map in Zoom map out By Switch button By VLAN button 90, 81, 81, 173, 177, 136 194 81 238 111 151 191 186 286 124 178 163 135 182 81 313 237 309 309 323 323 C categories for alarms Cfg All button changing password for Administrator user changing policy precedence children of resource Children tab Cisco device support 44, IOS features policy setup Cisco IOS features Cisco Policy Setup button client browser requirements (Windows only) installing installing stand-alone application (Solaris) installing stand-alone application (Windows) starting for first time system requirements client Tcl API client, installed application Clone button Clone button (IP/MAC Address Finder) Close button columns resizing sorting Command-line utilities community string for discovery in trap receiver setup Compare policy and configured rules 440, Component Tree device status indicator displaying subcomponents icons resizing composite link (topology) Compress Map menu selection 138 410, 434 358 360 430 210 214 451, 531 531 451 531 451 49 62 64 63 357 49 44 72 235 240 86 84 85 27 96 154 444, 447 82 84 82 83 84 290, 292 308 535 Index Compression Algorithm G.711 401 G.723.1 401 G.729 401 Other 401 Config button 81, 157, 410, 434 configuration files archiving 165 download incremental 169 downloading 168 Configuration Management Log report 388 Configuration Manager 23, 157 Alarm browser command 161 Archive button 165, 167 Archive command 160 archiving configuration files 165 Browse command (ExtremeWare Vista) 161 Device statistics command 162 Download button 168 Download command 160 download image to device 173, 177 download image to slot 178 download incremental configuration 169 download saved configuration 168 EView command 161 Increment button 169 Increment command 160 Properties command 163 right-click pop-up menu 159 scheduled device upload 165 software version specification 182 Telnet command 162 TFTP button 186 Upgrade button 173, 177, 178 Upgrade command 160 Upload button 163 Upload command 159 uploading device configuration 163 Versions button 182 VLANs command 162 configured rules display IP QoS 442 Source Port QoS 448 configuring policy precedence 430 configuring QoS policies 433 Connect Device button 336 Connect Edge Port to VLAN menu selection 317 conventions notice icons, About This Guide 18 text, About This Guide 18 copy (Telnet) 193, 197 CPU Utilization alarm event generation 147 event configuration rules 140 falling threshold configuration 146 Rising Threshold configuration 142 rising threshold configuration 146 rule definition 146 rule display 141 rule target configuration 149 Sample Type 146 Startup Alarm 146 Create new device button 297 Create new map button 296 536 creating alarm definitions alarm threshold event rules device groups incremental configuration file new device node (Topology) new topology map new topology view resources search task (IP/MAC Address Finder) VLANs creating a policy creating groups Custom applications custom applications Cut Map Nodes menu selection Cut nodes from map button cutting map nodes 129 142 102 170 297 296 293 211 236 330 416 42 206 206 302 302 302 D database backup utility database TCP port database validation utility dbbackup utility dbvalid utility decorative node Default alarm category Default button (Inventory Manager) Default device group Deflate Nodes menu selection Delete alarms with specified conditions button Delete button in Alarm Category in Alarm Definition in Alarm System in Inventory Manager in IP/MAC Address Finder in Threshold Configuration in VLAN Manager Delete Map menu selection Delete Map Nodes menu selection Delete View menu selection deleting a user account alarm category alarm definition alarm threshold rule alarms device groups map elements map links map view protocol filters submaps VLANs deleting a policy Destroy button Detail button Detailed ESRP Information view Detailed Task View (IP/MAC Address Finder) DevCLI utility device download incremental configuration download saved configuration 519 53, 59 518 519 518 289 138 90 89 309 124 410, 429 139 138 124 90, 110 235, 240 151 333 301 303 301 360 139 138 151 124 110 303 303 301 339 301 333 430 210, 213 126 354 238 27 169 168 EPICenter Software Installation and User Guide Index in Grouping Manager modifying information scheduled configuration global scheduled configuration upload uploading configuration from Device Alarms... menu selection Device Browse... menu selection Device Discovery set up window device groups creating default deleting modifying device groups as policy components Device Inventory report device node Device profile settings display device properties Device Properties menu selection Device Statistics menu selection device status ExtremeView Inventory Manager display obtaining SmartTraps SNMP Device Status report Device tab Device Telnet menu selection Device View menu item Device VLANs menu selection devices as policy component dialog boxes drop-down menu fields list box fields page tabs selecting multiple items in a list text fields directed configuration Discover button in Inventory Manager Discover button (Device Discovery dialog) Discovery Add button address range community string Enable SNMP V3 Discovery subnet mask Discovery Results window display mode, real-time statistics distributed server administration configuring server group manager configuring server group member distributed server mode Distributed Server summary report DLCS enabling on switch limitations Policy Manager requirements properties domains, STP download ExtremeWare software image, device ExtremeWare software image, slot EPICenter Software Installation and User Guide 205 105 167 165 163 318 319 95 88, 206 102 89 110 107 39 379 287 449 117 320 319 244 90 88 88 88 382 118 319 319 320 39 85 86 86 85 86 85 433 90 96 23, 88, 95 97 95 96 96 96 96 273 371 372 371 26 78 40, 523 524 524 523 524 341 173, 177 178 incremental configuration saved device configuration Download button (Configuration Manager) drop-down menu fields Dynamic Link Context System 169 168 168 86 40, 523 E Edit Policy Endpoints window election algorithm (ESRP) E-mail alarm action alarm action (short e-mail) setting up for alarms EMISTP mode endpoints for IP policy for source port policy for VLAN policy EPICenter architecture client installation components configuring server as trap receiver feature summary logging in navigating applications server components EPICenter Telnet from ExtremeView applet from Inventory Manager from Real-Time Statistics applet from STP Monitor from topology map from VLAN Manager ESRP active ports All ESRPs view detailed information view election algorithm Hello timer Master switch priority state ToMaster ToSlave TrackedActivePorts TrackedIPRoutes TrackedPings ESRP button ESRP Manager evaluation copy license updating to full license event configuration CPU utilization rule display CPU utilization rules other SNMP traps RMON rule example RMON rules rule target Event Log history Event Log report EView button Execute script alarm action 418 352 135 135 136 341 417 418 418 28 62 27 153 22 76 80 47, 69 24 258 94 280 349 319 329 354 352 354 352 353 352 354 354 354 354 354 354 354 81, 351 25, 351 50 55 140 141 140 152 150 140 149 154 387 81, 243 136 537 Index Expand Map menu selection Export button Export Local button external access protocol command protocol layer encoding layer server commands tags Tcl API Tcl functions transport layer Extreme switch obtaining device status information support in EPICenter updating status ExtremeView from Configuration Manager from Inventory Manager from Real-Time Statistics applet from STP Monitor from Telnet applet from topology map from VLAN Manager switch configuration information switch statistics switch status ExtremeWare features version 4.x version 5.x version 6.0 version 6.1 version 6.2 ExtremeWare requirements for IP/MAC Address Finder ExtremeWare software image downloading to device downloading to slot specifying current version ExtremeWare Vista from Configuration Manager from ExtremeView applet from Inventory Manager from Real-Time Statistics applet from STP Monitor from Telnet applet from topology map from VLAN Manager 308 235, 240 235, 240 44, 493 495 494 496 494 498 499 493 88 29 111 24, 243 161 94 280 348 200 319 329 248 253 244 530 529 528 528 527 538 201 311 81, 233 310 27, 481 307 135 G Get Java PlugIn link, global scheduled configuration Grouping Manager predefined groups Source Name field groups creating with Grouping Manager definition of in policy definitions predefined groups as policy components Groups button 75 167 23, 42, 205 206 226 42 205 42 206 39 81, 207 H heartbeat check Hello Timer (ESRP) Help button Home button host groups hosts as policy components HTTP port hyper node caveats 28 353 410 80, 374 206 39 54, 59, 63, 65 288 298 234 173, 177 178 182 161 257 94 280 348 200 319 328 F falling threshold CPU utilization for predefined RMON events RMON events file import in Grouping Manager Filter button filtering in reports resources filtering alarms Find Address Tasks List window Find button in Grouping Manager in IP/MAC Address Finder in Telnet applet in Topology Find IP/MAC button Find Map Node... menu selection FindAddr utility Fit Map in Window menu selection Forward trap alarm action 146 148 144 226 127 376 210, 214 126 234 I Import button import sources importing resources from file from LDAP directory from NIS from NT Domain controller ImportResources utility Increment button (Configuration Manager) incremental configuration file individual errors graph Inflate Nodes menu selection installing the client installing the server as a service (Windows) under Solaris under Windows instlic utility under Solaris under Windows Interface report Inventory button Inventory Export script Inventory Manager adding devices Discovery Inventory Manager page 210, 226 207 225 226 226, 227 226, 232 226, 232 490 169 170 268 309 62 54 56 52 61 55 383 80, 89 27 23 100 95 89 210, 215, 221 236 EPICenter Software Installation and User Guide Index IP address finding with IP/MAC Address Finder modifying for a VLAN IP address as policy components IP forwarding disabling enabling IP forwarding tab IP/MAC Address Finder Add button creating a search task Delete button ExtremeWare requirements Remove All button Remove button search results Submit button Target Domains list tasks list Tasks List Summary WildCard button IP-based policy 233 336 40 336 336 332 24 237 236 235 234 237 237 239 238 237 235 234 237 33 L L2 cloud node caveats L4 port L4 port range field specifying for client specifying for user Launch EPICenter link Layout button Layout Map In Window menu selection Layout Map menu selection LDAP directory, importing from license key activation key adding or updating licensing obtaining a permanent license obtaining an evaluation license upgrading (adding modules) upgrading (evaluation to permanent) link (topology) composite link deleting links, marking in Topology applet list box fields logging in Login page Logoff button 288 298 420 421 421 421 75 305 306 305 226, 227 52, 58 50 55, 61 50 50 50 51 50 289 290, 292 303 315 86 76 76, 357 81 M macro status macros (Telnet) record/play Start Record command Stop Record command variables Manager access EPICenter Software Installation and User Guide 194 192 198 198 194 26, 355 Map auto populate creating deleting submap Expand Map fit Map in Window Layout Map In Window renaming map element description panel map elements composite link decorative node device node hyper node L2 cloud node link submap node text node map hierarchy tree map nodes adding cutting deleting laying out map properties background image link text color map name node gradient background node text color RMON statistics Map Properties... menu selection Map, topology Mark button Mark Links Mode menu selection Master switch Max Bandwidth Policy QoS VoIP MIB variables in RMON rules in RMON threshold configuration Min Bandwidth Policy QoS VoIP Minimum Bandwidth Calculations Modify button in Alarm Category in Alarm Definition in Inventory Manager in Threshold Configuration in VLAN Manager modifying alarm category alarm definition alarm theshold rule device groups device information IP address for VLAN map properties policy precedence Qos profiles user accounts VLANs 293, 294, 305 296 301 308 307 306 301 287, 291 290 289 287 288 288 289 287 289 287 297 302 303 305 311 312 312 312 312 312 313 311 287 315 315 352 432 396 143 143 432 396 402 139 138 90, 105 150 335 139 138 150 107 105 336 311 430 431 358 334 539 Index Monitor access 26, 355 N navigating EPICenter applications Navigation Toolbar Network Login/802.1x tab Network Login/802.x1 display network resource specification Network Resources list policy definition page Network Status Summary report New button in Discovery in Grouping Manager New Decorative Map Node menu selection New Device Map Node menu selection New Map Link menu selection New Map menu selection New Text Map Node menu selection New View menu selection NIS, importing from NT Domain Controller, importing from 77, 410, 226, 226, 80 80 119 450 414 413 413 374 416 96 210 298 297 298 296 298 293 232 232 O Order button 410, 430 P page tabs passwords changing for Administrator default users changing paste (Telnet) Paste Map Nodes menu selection Paste nodes into map button Play button Policies button Policies View Policy Access Domain policy access domain specifying Policy Access Domain Resource list Policy button policy components applications device groups devices groups hosts IP address policy named components policy primitive components ports QoS profiles subnets users VLANs policy configuration auto configuration comparing policies with configured rules directed configuration status Policy definition 540 85 358 357 360 193, 197 302 302 194 411 409, 411 41 422 422 81, 409, 437 30 39 39 39 39 39 40 38 38 40 40 40 40 40 433 440, 444, 447 434 433 30 policy definition page network resource policy scope policy type buttons traffic definition traffic direction Users list policy description policy name policy precedence changing configuring policy rule comparison display IP QoS Source Port QoS VLAN QoS policy rules display IP QoS Source Port QoS VLAN QoS policy scope specifying Policy Scope Resource list policy traffic policy traffic definition policy traffic page policy type Access Based Security QoS IP QoS source port QoS VLAN QoS policy type buttons polling Port Configuration utility Port exception QoS Profiles display port groups creating ports changing configuration correcting conflicts in Grouping Manager port types in VLAN Manager removing from VLAN STPD membership ports as policy components predefined alarms predefined groups Print Map button Print Map menu selection Printing Priority (ESRP) Priority field Profile button Properties from STP Monitor from Telnet applet from VLAN Manager protocol filters adding changing in VLAN deleting Protocol Filters button PVST+ mode 412, 416 414 414 413 413 413 413 30 30 43 430 430 441 447 444 442 448 445 30, 41, 414 422 422 30, 35 413 414 30, 417 31 31 31 31 413 88 477 449 206 211 477 477 205 327 331, 335, 338 341 40 121, 129 206 310 310 86 354 432 410, 431 350 199 330 331 339 335 339 339 341 EPICenter Software Installation and User Guide Index Q QoS profile as policy components default QoS profiles devices for configuration Max Bandwidth Max Bandwidth for VoIP Min Bandwidth Min Bandwidth for VoIP modifying ports for configuration Priority field Priority in VoIP viewing VoIP setting QoS Profile display QoS Profile tab QoS Settings Auto Configure Default configurations Manually Configure QoS Settings for VLAN Compression Algorithm Egress Port Selection Max # of phones Overview Priority Profile Query button 40 431 432 432 396 432 396 431 432 432 396 431 396 449 432, 451 405 404 405 401 402 401 400 401 401 224 R RADIUS client configuration configuring shared secret disabling enabling server enabling server response messages server server administration server port configuration RADIUS Administration tab Real-Time Statistics 24, from Configuration Manager from ExtremeView applet from Inventory Manager from STP Monitor from Telnet applet from topology map from VLAN Manager graph preferences 273, individual errors graph total errors graph utilization graph related publications, About This Guide Relationship tab relationships of resources 207, Relationships tab Release Notes Remote Authentication Dial In User Service (RADIUS) Remove All button in Add Relationship to Group in IP/MAC Address Finder Remove Attribute from Resource button EPICenter Software Installation and User Guide 363 362 363 362 363 356 361 363 362 267 162 258 94 349 200 319 329 274 268 268 268 19 218 210 217 17 26 215 218 237 212 Remove button in Add Attribute to Resource in Add Relationship to Group in Discovery in Grouping Manager in IP/MAC Address Finder remove children from a group remove resource from results list Remove Condition(s) button removing a child resource Rename Map menu selection Rename View menu selection view (topology) renaming Repeat button Repeat Delay field Repeating check box reports Alarm Log report browser requirements for Configuration Management Log report creating user-defined Device Inventory report Device Status report Distributed Server summary Event Log report exporting filtering Interface report Network Status Summary Network Status Summary report printing Resource to Attribute Mapping report Server State Summary report Slot Inventory report System Log report User to Host Mapping report viewing from stand-alone client VLAN Summary report Reports button ReRun button Reset button in Grouping Manager search resetting a policy resizing columns in status display Component Tree resource adding as child adding relationships attributes children Children tab definition of deleting filtering relationships Relationships tab removing as a child resource details display Resource Results list searching for Select Resource to be Added panel Resource Results list 221 218 96 219 237 216 215 125, 128 216 301 301 194 194 194 26 386 49 388 389 379 382 78 387 389 376 383 77 374 389 384 378 381 387 385 74 382 81 235, 240 86, 410, 429 224 429 84 84 213 216 207, 210 210 214 205 213 210 207, 210 217 216 209 215 221 214 215 541 Index Resource to Attribute Mapping report resources creating in Grouping Manager description DLCS ID attribute type filtering generic attribute type importing IP/subnet attribute type name Netlogin ID attribute type source type unique name resynchronize (RMON) rising threshold CPU utilization for predefined RMON events RMON events RMON alarm event generation configuration event configuration rules Falling Threshold configuration falling threshold, predefined events MIB variables for rules Port Utilization predefined rule predefined rule definition resynchronize Rising Threshold configuration rising threshold for predefined events rule definition rule display rule target configuration Sample Type Sample Type (predefined rule) Startup Alarm Startup Alarm for predefined rule Temperature predefined rule Topology change predefined rule traps utilization on map links RMON Statistics (Topology) RT Stats button rule CPU utilization threshold configuration display, CPU utilization display, RMON predefined RMON event configuration RMON configuration example RMON threshold configuration threshold target configuration Run program alarm action runclient command in Windows runserv command in Solaris in Windows 384 211 209, 212 219, 221 214 212, 219, 221 225 212, 219, 221 209, 211 212 209 209, 211 209 152 146 148 144 141, 141, 121, 81, 145 140 140 144 148 143 148 148 152 144 148 143 141 149 144 148 144 148 148 148 123 313 313 269 146 141 141 148 150 143 149 135 72 71 70 S Sample Type Absolute (for CPU Utilization Absolute (predefined RMON) Absolute (RMON) 542 146 148 144 Delta (for CPU Utilization) 146 Delta (RMON) 144 Save button 216, 218, 219, 221, 410, 429 scheduled configuration upload 165 scheduled configuration, global 167 scope for alarms 132 Scope tab 132 search results Discovery 96 Grouping Manager query 224 IP/MAC Address Finder 239 search task (IP/MAC Address Finder) 236 Searching for a resource 221 Select All Map Nodes menu selection 304 Select Resources to be Added panel 214, 217 Server Hostname field 73 server installation under Solaris 56 under Windows 52 server properties 356 administration of 363 Automatically Save Configuration 366 Client Port 369 Default Map RMON Statistics 368 Device HTTP Port 365 Device SSH Port 370 Device Telnet Port 365 Device Tree UI 370 Devices properties 365 DHCP Temporary Lease 370 DNS Lookup Timeout Period 369 Edge Port Maximum Table Size Setting 368 Edge Port Poll Interval 368 Enable Edge Port Polling 368 Enable RMON Display 368 Enable SCP2 370 Enable Syslog Server 365 EPICenter Trap Receiver Port 368 HTTP Proxy Device 369 HTTP Proxy Port 369 IP QoS Rule Precedence 369 Load Information from http //www.extremenetworks.com 369 Maximum Number of SNMP Sessions 367 Number of Retries 368 Other properties 369 Poll Devices Using Telnet 366 Poll Edge Ports Fast 368 Poll Interval 367 Save Changed Configurations 366 Save Switch Password for Vista Login 366 Scalability properties 366 SCP2 Command Line 370 ServiceWatch URL 369 Session Timeout Period 369 setting 363 SHH2 Command Line 370 SNMP properties 367 SysLog Message Min Severity 366 Syslog Message per Device 367 Syslog Message per Minute 367 Telnet Login Timeout Period 365 Telnet Screen Width 370 Thread Default Alloc Size 367 EPICenter Software Installation and User Guide Index Thread Pool Size Timeout Period Topology properties Traps per device Traps per Minute Update Type Library on Server Upload/Download Timeout Period Use EPICenter Login for Telnet Server Properties tab server service Server State Summary report ServiceWatch button setting graph preferences (RT Stats) map properties server properties Settings... button (Alarms) Slot Inventory report SmartTraps SNMP alarm event type configuring trap events default trap port number total traps rate limit traps traps per device rate limit SNMPCLI utility software architecture software components software licensing Solaris server installation starting the server stopping the server uninstalling the server uninstalling the stand-alone client sorting columns sound alert alarm action Source Name field source of resource source port policy Source Port QoS display Spanning Tree domains Specify client L4 port checkbox Specify user L4 port checkbox SSH2 (Inventory Manager) Stand-alone Utilities Start Record (Telnet) starting the client browser-based (Windows only) under Windows starting the server under Solaris under Windows Startup Alarm for CPU Utilization for predefined RMON rule RMON State (ESRP) statistics display mode, real-time graph preferences (RT Stats) in Extremeview individual port real-time EPICenter Software Installation and User Guide 367 368 368 367 367 370 365 366 363 420 378 81 274 311 356, 363 136 381 28, 88 88 131 152 153 367 121, 123 367 27 28 27 50 56 71 71 67 68 85 134 226 209 36 445 341 421 421 106, 112 27 198 74 72 71 69 146 148 144 354 273 274 253 271 multi-port real-time real-time Status icon Status/Detail Information panel Stop button Stop Record (Telnet) stopping the server under Solaris under Windows stopserv command STP 1D mode default domain EMISTP mode PVST+ mode STP button STP domains STP Monitor Alarm browser menu item Browse menu item (ExtremeWare Vista) Device menu Device statistics menu item displaying device configuration information displaying port configuration information displaying STP domain information displaying VLAN configuration information EView menu item Properties menu item STP Properties menu Telnet menu item VLAN Properties window VLANs menu item STP tab STPD See Spanning Tree domains submap node Submit button subnet mask subnets as policy components switch configuration information (EView) switch polling switch statistics (ExtremeView) switch status (ExtremeView) Sync button 88, in Inventory Manager in Threshold Configuration Syslog alarm event type configuring EPICenter as Syslog receiver enabling EPICenter Syslog server history message storage messages in alarms setting minimum severity for message acceptance Syslog Messages tab total messages rate limit Syslog Messages tab System Log report 269 267 410 83 194 198 71 70 71 341 341 341 341 81 341 26 348 348 348 349 344 346 342 344 348 350 347 349 348 349 119 287 238 96 40 248 88 253 244 111 90 151 131 153 365 120 120 131 366 120 367 120 387 T tagged ports Target Domains list Target tab Tasks List Summary window 331 237 149 234 543 Index Tcl writing scripts for alarm actions Tcl client API Tcl exported functions Telnet applet Alarms browser menu item copy Device statistics menu item EPICenter Telnet EView menu item ExtremeWare Vista menu item Find button from Configuration Manager from ExtremeView applet from Inventory Manager from Real-Time Statistics from STP Monitor from topology map macro status macro variables macros paste Properties menu item Repeat Delay Repeating check box right-click pop-up menu third-party devices VLANs menu item Telnet button Telnet Connections list terminology, About This Guide text fields text node TFTP button (Configuration Manager) TFTP server enabling/disabling setting root directory path third-party device support Telnet applet Threshold Configuration page Threshold Configuration tab ToMaster (ESRP) topology background image By device display By VLAN display composite link decorative node device node displaying VLAN information Expand Map Find Map Node window Fit Map in Window hyper node L2 cloud node Layout Map In Window link map map background color map element description panel map hierarchy tree map properties node background color renaming a view 544 24, 193, 193, 81, 155 498 499 191 200 197 200 191 200 200 201 162 258 94 280 349 319 194 194 192 197 199 194 194 199 199 201 191 192 17 85 289 186 186 186 29 199 140 140 354 312 313 313 290, 292 289 287 313 308 311 307 288 288 306 289 287 312 287, 291 287 311 312 294 setting view properties submap node text node view VLANs button Topology button Topology views ToSlave (ESRP) total errors graph TrackedActivePorts (ESRP) TrackedIPRoutes (ESRP) TrackedPings (ESRP) traffic direction traffic patterns, access lists TransferMgr utility traps default trap port number Extreme proprietary RMON setting EPICenter to receive SNMP total traps rate limit traps per device rate limit 81, 25, 413, 27, 304 287 289 286 313 286 285 354 268 354 354 354 420 439 484 153 121 121, 123 153 121, 123 367 367 U Unack button Undo Map Edit menu selection uninstalling the server under Solaris under Windows uninstalling the stand-alone client under Solaris under Windows unique name of resource untagged ports Unzoom Map menu selection updating switch information Upgrade button (Configuration Manager) upgrading from a previous release license (adding optional modules) license (evaluation to permanent) upload device configuration scheduled Upload button (Configuration Manager) user EPICenter access ExtremeWare access User Administration page user groups User to Host Mapping report user-defined reports users as policy components Users list users, adding users, modifying utilities database backup database validation utilization graph 124 310 67 66 68 67 209 331 310 111 173, 177, 178 51 51 50 163 165 163 356 356 357 206 385 389 40 413 358 358 519 518 268 EPICenter Software Installation and User Guide Index V Variables... button (Alarms) Versions button (Configuration Manager) view (topology) creating renaming setting properties View configured rules menu item View Documentation link View policy rules menu item View Properties View Reports link viewing access list policies Network Login/802.1x policies summary policy definition policy precedence port exception QoS profiles QoS profiles viewing by VLAN Virtual LANs. See VLANs VLAN Disabling VoIP on Enabling VoIP on VLAN button VLAN Manager Add button Alarm Browser command By Switch button By VLAN button Connect Device button Delete button Device statistics command ExtremeView command ExtremeWare Vista command from Configuration Manager from Inventory Manager from STP Monitor from Telnet applet from topology map main page Modify button Modify VLAN Membership command Properties command Protocol Filters button right-click pop-up menu Telnet command VLAN policy VLAN QoS display VLAN Summary report VLAN tab VlanMgr utility VLANs 802.1Q tag adding adding links adding protocol filters adding tagged ports adding untagged ports Connect Device connecting edge port definition of deleting EPICenter Software Installation and User Guide 135 182 286 293 294 304 441, 444, 447 75 441, 444, 447 304 75 437 450 411 412 430 449 431, 449 325 25, 328, 27, 321, 399 399 81 321 330 328 323 323 336 333 329 329 328 162 94 349 201 320 322 335 337 330 339 328 329 37 443 382 119 487 325 331 330 315 339 331 331 336 317 322 333 deleting protocol filters disabling IP forwarding displaying displaying in Topology applet enabling IP forwarding finding connections from ExtremeView applet from Real-Time Statistics applet modifying modifying IP address modifying VLAN membership protocol filters remove a port removing a port viewing by switch viewing member ports VLANs as policy components VLANs button VLANs for VoIP VoIP Details report Disabling on a VLAN Enabling on a VLAN Voice VLAN Summary report VoIP Manager VoIP Settings IP Address Maximum Bandwidth (Max BW) Minimum Bandwidth (Min BW) Priority QoS Profile Switch VLAN 339 336 323 313 336 336 258 281 334 336 337 321 331 335, 338 324 326 40 313 397 407 399 399 407 395, 397, 402 396 396 396 396 396 396 396 W WildCard button wildcards in Discovery addresses in IP/MAC Address Finder Windows server installation starting browser-based client starting the client starting the server stopping the server uninstalling the server uninstalling the stand-alone client 237 95 237 52 74 72 69 70 66 67 Z Zoom Zoom Zoom Zoom map in button Map In menu selection map out button Map Out menu selection 309 309 309 309 545
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project